Action not permitted
Modal body text goes here.
cve-2021-44832
Vulnerability from cvelistv5
▼ | Vendor | Product |
---|---|---|
Apache Software Foundation | Apache Log4j2 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T04:32:13.076Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://issues.apache.org/jira/browse/LOG4J2-3293" }, { "name": "[oss-security] 20211228 CVE-2021-44832: Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2021/12/28/1" }, { "name": "[debian-lts-announce] 20211229 [SECURITY] [DLA 2870-1] apache-log4j2 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00036.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf" }, { "name": "FEDORA-2021-c6f471ce0f", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EVV25FXL4FU5X6X5BSL7RLQ7T6F65MRA/" }, { "name": "FEDORA-2021-1bd9151bab", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T57MPJUW3MA6QGWZRTMCHHMMPQNVKGFC/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220104-0001/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache Log4j2", "vendor": "Apache Software Foundation", "versions": [ { "changes": [ { "at": "2.13.0", "status": "affected" }, { "at": "2.12.4", "status": "unaffected" }, { "at": "2.4", "status": "affected" }, { "at": "2.3.2", "status": "unaffected" }, { "at": "2.0-beta7", "status": "affected" } ], "lessThan": "2.17.1", "status": "affected", "version": "log4j-core", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2." } ], "metrics": [ { "other": { "content": { "other": "moderate" }, "type": "unknown" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-74", "description": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-07-25T16:41:33", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd" }, { "tags": [ "x_refsource_MISC" ], "url": "https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143" }, { "tags": [ "x_refsource_MISC" ], "url": "https://issues.apache.org/jira/browse/LOG4J2-3293" }, { "name": "[oss-security] 20211228 CVE-2021-44832: Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2021/12/28/1" }, { "name": "[debian-lts-announce] 20211229 [SECURITY] [DLA 2870-1] apache-log4j2 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00036.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf" }, { "name": "FEDORA-2021-c6f471ce0f", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EVV25FXL4FU5X6X5BSL7RLQ7T6F65MRA/" }, { "name": "FEDORA-2021-1bd9151bab", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T57MPJUW3MA6QGWZRTMCHHMMPQNVKGFC/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220104-0001/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" } ], "source": { "defect": [ "LOG4J2-3293", "" ], "discovery": "UNKNOWN" }, "timeline": [ { "lang": "en", "time": "2021-12-27T00:00:00", "value": "reported" }, { "lang": "en", "time": "2021-12-27T00:00:00", "value": "patch proposed, 2.17.1-rc1" }, { "lang": "en", "time": "2021-12-28T00:00:00", "value": "fixed" }, { "lang": "en", "time": "2021-12-28T00:00:00", "value": "public" } ], "title": "Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "ID": "CVE-2021-44832", "STATE": "PUBLIC", "TITLE": "Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache Log4j2", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "log4j-core", "version_value": "2.17.1" }, { "version_affected": "\u003e=", "version_name": "log4j-core", "version_value": "2.13.0" }, { "version_affected": "\u003c", "version_name": "log4j-core", "version_value": "2.12.4" }, { "version_affected": "\u003e=", "version_name": "log4j-core", "version_value": "2.4" }, { "version_affected": "\u003c", "version_name": "log4j-core", "version_value": "2.3.2" }, { "version_affected": "\u003e=", "version_name": "log4j-core", "version_value": "2.0-beta7" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": [ { "other": "moderate" } ], "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-20 Improper Input Validation" } ] }, { "description": [ { "lang": "eng", "value": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd" }, { "name": "https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143", "refsource": "MISC", "url": "https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143" }, { "name": "https://issues.apache.org/jira/browse/LOG4J2-3293", "refsource": "MISC", "url": "https://issues.apache.org/jira/browse/LOG4J2-3293" }, { "name": "[oss-security] 20211228 CVE-2021-44832: Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/12/28/1" }, { "name": "[debian-lts-announce] 20211229 [SECURITY] [DLA 2870-1] apache-log4j2 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00036.html" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf" }, { "name": "FEDORA-2021-c6f471ce0f", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVV25FXL4FU5X6X5BSL7RLQ7T6F65MRA/" }, { "name": "FEDORA-2021-1bd9151bab", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T57MPJUW3MA6QGWZRTMCHHMMPQNVKGFC/" }, { "name": "https://www.oracle.com/security-alerts/cpujan2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "name": "https://security.netapp.com/advisory/ntap-20220104-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220104-0001/" }, { "name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "name": "https://www.oracle.com/security-alerts/cpujul2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] }, "source": { "defect": [ "LOG4J2-3293", "" ], "discovery": "UNKNOWN" }, "timeline": [ { "lang": "en", "time": "2021-12-27T00:00:00", "value": "reported" }, { "lang": "en", "time": "2021-12-27T00:00:00", "value": "patch proposed, 2.17.1-rc1" }, { "lang": "en", "time": "2021-12-28T00:00:00", "value": "fixed" }, { "lang": "en", "time": "2021-12-28T00:00:00", "value": "public" } ] } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2021-44832", "datePublished": "2021-12-28T19:35:11", "dateReserved": "2021-12-11T00:00:00", "dateUpdated": "2024-08-04T04:32:13.076Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2021-44832\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2021-12-28T20:15:08.400\",\"lastModified\":\"2023-11-07T03:39:43.957\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.\"},{\"lang\":\"es\",\"value\":\"Las versiones de Apache Log4j2 de la 2.0-beta7 a la 2.17.0 (excluyendo las versiones de correcci\u00f3n de seguridad 2.3.2 y 2.12.4) son vulnerables a un ataque de ejecuci\u00f3n remota de c\u00f3digo (RCE) cuando una configuraci\u00f3n utiliza un JDBC Appender con un URI de origen de datos JNDI LDAP cuando un atacante tiene el control del servidor LDAP de destino. Este problema se soluciona limitando los nombres de fuentes de datos JNDI al protocolo java en las versiones 2.17.1, 2.12.4 y 2.3.2 de Log4j2\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":6.6,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":0.7,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:C/I:C/A:C\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\",\"baseScore\":8.5},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":6.8,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"},{\"lang\":\"en\",\"value\":\"CWE-74\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.0.1\",\"versionEndExcluding\":\"2.3.2\",\"matchCriteriaId\":\"E5737813-009A-4FDD-AC84-42E871EA1676\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.4\",\"versionEndExcluding\":\"2.12.4\",\"matchCriteriaId\":\"0D1858C4-53AC-4528-B86F-0AB83777B4F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.13.0\",\"versionEndExcluding\":\"2.17.1\",\"matchCriteriaId\":\"D127EBB0-E86F-4349-96E5-19BD198E0CCA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:log4j:2.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"17854E42-7063-4A55-BF2A-4C7074CC2D60\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:log4j:2.0:beta7:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9D58C21-34AE-4782-8580-816B2F6A8F9D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:log4j:2.0:beta8:*:*:*:*:*:*\",\"matchCriteriaId\":\"DCFCBA59-E0DF-46FD-8431-C1043E7AB4EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:log4j:2.0:beta9:*:*:*:*:*:*\",\"matchCriteriaId\":\"53F32FB2-6970-4975-8BD0-EAE12E9AD03A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:log4j:2.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"B773ED91-1D39-42E6-9C52-D02210DE1A94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:log4j:2.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF24312D-1A62-482E-8078-7EC24758B710\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0.0\",\"versionEndIncluding\":\"8.5.1.0\",\"matchCriteriaId\":\"83F42D52-1E43-44E0-8B53-A2A918BDDEC3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46E23F2E-6733-45AF-9BD9-1A600BD278C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E812639B-EE28-4C68-9F6F-70C8BF981C86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.12.0\",\"versionEndIncluding\":\"17.12.11\",\"matchCriteriaId\":\"8B1C88FD-C2EC-4C96-AC7E-6F95C8763B48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"18.8.0\",\"versionEndIncluding\":\"18.8.13\",\"matchCriteriaId\":\"A621A5AE-6974-4BA5-B1AC-7130A46F68F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"19.12.0\",\"versionEndIncluding\":\"19.12.12\",\"matchCriteriaId\":\"4096281D-2EBA-490D-8180-3C9D05EB890A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"20.12.0\",\"versionEndIncluding\":\"20.12.7\",\"matchCriteriaId\":\"E6B70E72-B9FC-4E49-8EDD-29C7E14F5792\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:21.12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"15F45363-236B-4040-8AE4-C6C0E204EDBA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"19.12.0\",\"versionEndIncluding\":\"19.12.18.0\",\"matchCriteriaId\":\"A66F0C7C-4310-489F-8E91-4171D17DB32F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"20.12.0.0\",\"versionEndIncluding\":\"20.12.12.0\",\"matchCriteriaId\":\"651104CE-0569-4E6D-ACAB-AD2AC85084DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:21.12.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45D89239-9142-46BD-846D-76A5A74A67B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"202AD518-2E9B-4062-B063-9858AE1F9CE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10864586-270E-4ACF-BDCC-ECFCD299305F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38340E3C-C452-4370-86D4-355B6B4E0A06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9C55C69-E22E-4B80-9371-5CD821D79FE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_assortment_planning:16.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48C9BD8E-7214-4B44-B549-6F11B3EA8A04\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_fiscal_management:14.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5F6FD19-A314-4A1F-96CB-6DB1CED79430\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:siebel_ui_framework:21.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D62731F-3290-4383-A4F6-5274B4D63B1D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F14A818F-AA16-4438-A3E4-E64C9287AC66\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"04BCDC24-4A21-473C-8733-0D9CFB38A752\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:cloudcenter:4.10.0.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"66AB39B2-0CE1-4C7E-9E7B-B288A080D584\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A930E247-0B43-43CB-98FF-6CE7B8189835\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80E516C0-98A4-4ADE-B69F-66A772E2BAAA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"12.0.0.4.6\",\"matchCriteriaId\":\"6894D860-000E-439D-8AB7-07E9B2ACC31B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD66C717-85E0-40E7-A51F-549C8196D557\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.3.0.0\",\"versionEndIncluding\":\"8.5.1.0\",\"matchCriteriaId\":\"F9550113-7423-48D8-A1C7-95D6AEE9B33C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46E23F2E-6733-45AF-9BD9-1A600BD278C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E812639B-EE28-4C68-9F6F-70C8BF981C86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_offline_mediation_controller:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"12.0.0.4.4\",\"matchCriteriaId\":\"61A2E42A-4EF2-437D-A0EC-4A6A4F1EBD11\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5933FEA2-B79E-4EE7-B821-54D676B45734\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B74B912-152D-4F38-9FC1-741D6D0B27FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:health_sciences_data_management_workbench:2.5.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6C9A32B-B776-4704-818D-977B4B20D677\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:health_sciences_data_management_workbench:3.0.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6989178B-A3D5-4441-A56C-6C639D4759DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:health_sciences_data_management_workbench:3.1.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5049591-AA1B-4D64-A925-40D0724074D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.2.0\",\"versionEndIncluding\":\"12.2.24\",\"matchCriteriaId\":\"F47057A9-2DDE-4178-B140-F7D70EAED8F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.2.0\",\"versionEndIncluding\":\"12.2.24\",\"matchCriteriaId\":\"9132D7F2-43B3-4595-B8BF-C9DE897087F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.12.0\",\"versionEndIncluding\":\"17.12.11\",\"matchCriteriaId\":\"8B1C88FD-C2EC-4C96-AC7E-6F95C8763B48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"18.8.0\",\"versionEndIncluding\":\"18.8.13\",\"matchCriteriaId\":\"A621A5AE-6974-4BA5-B1AC-7130A46F68F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"19.12.0\",\"versionEndIncluding\":\"19.12.12\",\"matchCriteriaId\":\"4096281D-2EBA-490D-8180-3C9D05EB890A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"20.12.0\",\"versionEndIncluding\":\"20.12.7\",\"matchCriteriaId\":\"E6B70E72-B9FC-4E49-8EDD-29C7E14F5792\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:21.12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"15F45363-236B-4040-8AE4-C6C0E204EDBA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"19.12.0.0\",\"versionEndIncluding\":\"19.12.18.0\",\"matchCriteriaId\":\"AD0DEC50-F4CD-4ACA-A118-D4F0D4F4C981\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"20.12.0.0\",\"versionEndIncluding\":\"20.12.12.0\",\"matchCriteriaId\":\"651104CE-0569-4E6D-ACAB-AD2AC85084DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:21.12.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45D89239-9142-46BD-846D-76A5A74A67B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"202AD518-2E9B-4062-B063-9858AE1F9CE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10864586-270E-4ACF-BDCC-ECFCD299305F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38340E3C-C452-4370-86D4-355B6B4E0A06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9C55C69-E22E-4B80-9371-5CD821D79FE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:product_lifecycle_analytics:3.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F978162-CB2C-4166-947A-9048C6E878BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0783F0D1-8FAC-4BCA-A6F5-C5C60E86D56D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_order_broker:19.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7BD0D41-1BED-4C4F-95C8-8987C98908DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEC41EB8-73B4-4BDF-9321-F34EC0BAF9E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48EFC111-B01B-4C34-87E4-D6B2C40C0122\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"073FEA23-E46A-4C73-9D29-95CFF4F5A59D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A69FB468-EAF3-4E67-95E7-DF92C281C1F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:21.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0ABA57AC-4BBF-4E4F-9F7E-D42472C36EEB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"21.12\",\"matchCriteriaId\":\"889916ED-5EB2-49D6-8400-E6DBBD6C287F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F14A818F-AA16-4438-A3E4-E64C9287AC66\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"04BCDC24-4A21-473C-8733-0D9CFB38A752\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2021/12/28/1\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://issues.apache.org/jira/browse/LOG4J2-3293\",\"source\":\"security@apache.org\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/12/msg00036.html\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EVV25FXL4FU5X6X5BSL7RLQ7T6F65MRA/\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T57MPJUW3MA6QGWZRTMCHHMMPQNVKGFC/\",\"source\":\"security@apache.org\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20220104-0001/\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2022.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2022.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}" } }
rhsa-2022_0226
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for OpenShift Logging (5.1.7)\n\nRed Hat Product Security has rated this update as having a security impact of\nModerate. A Common Vulnerability Scoring System (CVSS) base score, which gives\na detailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "OpenShift Logging Bug Fix Release (5.1.7)\n\nSecurity Fix(es):\n\n* nodejs-ua-parser-js: ReDoS via malicious User-Agent header (CVE-2021-27292)\n\n* log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:0226", "url": "https://access.redhat.com/errata/RHSA-2022:0226" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "1940613", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1940613" }, { "category": "external", "summary": "2035951", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035951" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0226.json" } ], "title": "Red Hat Security Advisory: Red Hat OpenShift Enterprise Logging bug fix and security update (5.1.7)", "tracking": { "current_release_date": "2024-11-15T10:44:33+00:00", "generator": { "date": "2024-11-15T10:44:33+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2022:0226", "initial_release_date": "2022-01-20T21:39:00+00:00", "revision_history": [ { "date": "2022-01-20T21:39:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-01-20T21:39:00+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T10:44:33+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "OpenShift Logging 5.1", "product": { "name": "OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:logging:5.1::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift Enterprise" }, { "branches": [ { "category": "product_version", "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:5f1436f57bc60663619d099cc54eac735a4ea885eb224a659b0aad66f14dcc36_s390x", "product": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:5f1436f57bc60663619d099cc54eac735a4ea885eb224a659b0aad66f14dcc36_s390x", "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:5f1436f57bc60663619d099cc54eac735a4ea885eb224a659b0aad66f14dcc36_s390x", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:5f1436f57bc60663619d099cc54eac735a4ea885eb224a659b0aad66f14dcc36?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.1.7-2" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:747bf587b1cb27d3fc872f40938a8f3ded033c97eab756712ca2a427fbeee4f0_s390x", "product": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:747bf587b1cb27d3fc872f40938a8f3ded033c97eab756712ca2a427fbeee4f0_s390x", "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:747bf587b1cb27d3fc872f40938a8f3ded033c97eab756712ca2a427fbeee4f0_s390x", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:747bf587b1cb27d3fc872f40938a8f3ded033c97eab756712ca2a427fbeee4f0?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.1.7-2" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:7eca37c2de3ab91f5561bc30d6057dcc7e32dd3e41af9c78739b2c840d26f3d4_s390x", "product": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:7eca37c2de3ab91f5561bc30d6057dcc7e32dd3e41af9c78739b2c840d26f3d4_s390x", "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:7eca37c2de3ab91f5561bc30d6057dcc7e32dd3e41af9c78739b2c840d26f3d4_s390x", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:7eca37c2de3ab91f5561bc30d6057dcc7e32dd3e41af9c78739b2c840d26f3d4?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-102" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch6-rhel8@sha256:3e971f5c333ced1166981d713355fd55f984108cd50bf458b9ea29eb637df9ce_s390x", "product": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:3e971f5c333ced1166981d713355fd55f984108cd50bf458b9ea29eb637df9ce_s390x", "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:3e971f5c333ced1166981d713355fd55f984108cd50bf458b9ea29eb637df9ce_s390x", "product_identification_helper": { "purl": "pkg:oci/elasticsearch6-rhel8@sha256:3e971f5c333ced1166981d713355fd55f984108cd50bf458b9ea29eb637df9ce?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-98" } } }, { "category": "product_version", "name": "openshift-logging/eventrouter-rhel8@sha256:499aa444f1c77cc0e238577b35ce707a6233b7c10695aa058f036694cc65f62d_s390x", "product": { "name": "openshift-logging/eventrouter-rhel8@sha256:499aa444f1c77cc0e238577b35ce707a6233b7c10695aa058f036694cc65f62d_s390x", "product_id": "openshift-logging/eventrouter-rhel8@sha256:499aa444f1c77cc0e238577b35ce707a6233b7c10695aa058f036694cc65f62d_s390x", "product_identification_helper": { "purl": "pkg:oci/eventrouter-rhel8@sha256:499aa444f1c77cc0e238577b35ce707a6233b7c10695aa058f036694cc65f62d?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.3.0-97" } } }, { "category": "product_version", "name": "openshift-logging/fluentd-rhel8@sha256:dd94d77116595d5aede41e3fdd38681767a0ac294b743b9d608268fef97720d1_s390x", "product": { "name": "openshift-logging/fluentd-rhel8@sha256:dd94d77116595d5aede41e3fdd38681767a0ac294b743b9d608268fef97720d1_s390x", "product_id": "openshift-logging/fluentd-rhel8@sha256:dd94d77116595d5aede41e3fdd38681767a0ac294b743b9d608268fef97720d1_s390x", "product_identification_helper": { "purl": "pkg:oci/fluentd-rhel8@sha256:dd94d77116595d5aede41e3fdd38681767a0ac294b743b9d608268fef97720d1?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.7.4-102" } } }, { "category": "product_version", "name": "openshift-logging/kibana6-rhel8@sha256:318f21b10f1b22d14a0bf0d895c597e29f498442bc90fb5c26886e696fbe68a5_s390x", "product": { "name": "openshift-logging/kibana6-rhel8@sha256:318f21b10f1b22d14a0bf0d895c597e29f498442bc90fb5c26886e696fbe68a5_s390x", "product_id": "openshift-logging/kibana6-rhel8@sha256:318f21b10f1b22d14a0bf0d895c597e29f498442bc90fb5c26886e696fbe68a5_s390x", "product_identification_helper": { "purl": "pkg:oci/kibana6-rhel8@sha256:318f21b10f1b22d14a0bf0d895c597e29f498442bc90fb5c26886e696fbe68a5?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-108" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:f96340f2ae0699d07b36e2e0e47bdda190635c276eb9122513f57b2f0ffd25f7_ppc64le", "product": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:f96340f2ae0699d07b36e2e0e47bdda190635c276eb9122513f57b2f0ffd25f7_ppc64le", "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:f96340f2ae0699d07b36e2e0e47bdda190635c276eb9122513f57b2f0ffd25f7_ppc64le", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:f96340f2ae0699d07b36e2e0e47bdda190635c276eb9122513f57b2f0ffd25f7?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.1.7-2" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:0d759e02a84eaf59cffc0143b51fd922363f0488a537562731e5c71bbd555a92_ppc64le", "product": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:0d759e02a84eaf59cffc0143b51fd922363f0488a537562731e5c71bbd555a92_ppc64le", "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:0d759e02a84eaf59cffc0143b51fd922363f0488a537562731e5c71bbd555a92_ppc64le", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:0d759e02a84eaf59cffc0143b51fd922363f0488a537562731e5c71bbd555a92?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.1.7-2" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:b9025248fa3fe48e38e12409b77b93782a2c2977fd48cf43de74bfbf8ed4a016_ppc64le", "product": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:b9025248fa3fe48e38e12409b77b93782a2c2977fd48cf43de74bfbf8ed4a016_ppc64le", "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:b9025248fa3fe48e38e12409b77b93782a2c2977fd48cf43de74bfbf8ed4a016_ppc64le", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:b9025248fa3fe48e38e12409b77b93782a2c2977fd48cf43de74bfbf8ed4a016?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-102" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch6-rhel8@sha256:9b1a4b2ca3c32aa6a8a5bbcb28af0e6bbd0ea5368ab317e8a0dc7ba5f9b0ddc4_ppc64le", "product": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:9b1a4b2ca3c32aa6a8a5bbcb28af0e6bbd0ea5368ab317e8a0dc7ba5f9b0ddc4_ppc64le", "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:9b1a4b2ca3c32aa6a8a5bbcb28af0e6bbd0ea5368ab317e8a0dc7ba5f9b0ddc4_ppc64le", "product_identification_helper": { "purl": "pkg:oci/elasticsearch6-rhel8@sha256:9b1a4b2ca3c32aa6a8a5bbcb28af0e6bbd0ea5368ab317e8a0dc7ba5f9b0ddc4?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-98" } } }, { "category": "product_version", "name": "openshift-logging/eventrouter-rhel8@sha256:b7706ebba12fba423afe2b333677aa4fa16ecd72cfcd2c5b076dfb34d5d400e6_ppc64le", "product": { "name": "openshift-logging/eventrouter-rhel8@sha256:b7706ebba12fba423afe2b333677aa4fa16ecd72cfcd2c5b076dfb34d5d400e6_ppc64le", "product_id": "openshift-logging/eventrouter-rhel8@sha256:b7706ebba12fba423afe2b333677aa4fa16ecd72cfcd2c5b076dfb34d5d400e6_ppc64le", "product_identification_helper": { "purl": "pkg:oci/eventrouter-rhel8@sha256:b7706ebba12fba423afe2b333677aa4fa16ecd72cfcd2c5b076dfb34d5d400e6?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.3.0-97" } } }, { "category": "product_version", "name": "openshift-logging/fluentd-rhel8@sha256:63a5e130e712bf0292167f0aa8c3018b77bdb73042160fd14057d4678ff613ff_ppc64le", "product": { "name": "openshift-logging/fluentd-rhel8@sha256:63a5e130e712bf0292167f0aa8c3018b77bdb73042160fd14057d4678ff613ff_ppc64le", "product_id": "openshift-logging/fluentd-rhel8@sha256:63a5e130e712bf0292167f0aa8c3018b77bdb73042160fd14057d4678ff613ff_ppc64le", "product_identification_helper": { "purl": "pkg:oci/fluentd-rhel8@sha256:63a5e130e712bf0292167f0aa8c3018b77bdb73042160fd14057d4678ff613ff?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.7.4-102" } } }, { "category": "product_version", "name": "openshift-logging/kibana6-rhel8@sha256:b43d04bc71797caab0d1b6bb5f14d18a04b09fee5272e9e03d50056dbb2116fc_ppc64le", "product": { "name": "openshift-logging/kibana6-rhel8@sha256:b43d04bc71797caab0d1b6bb5f14d18a04b09fee5272e9e03d50056dbb2116fc_ppc64le", "product_id": "openshift-logging/kibana6-rhel8@sha256:b43d04bc71797caab0d1b6bb5f14d18a04b09fee5272e9e03d50056dbb2116fc_ppc64le", "product_identification_helper": { "purl": "pkg:oci/kibana6-rhel8@sha256:b43d04bc71797caab0d1b6bb5f14d18a04b09fee5272e9e03d50056dbb2116fc?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-108" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:8715b4821f39144aeb5d015e0621c859b45d3175c0f8415bd1542f7f7f063dec_amd64", "product": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:8715b4821f39144aeb5d015e0621c859b45d3175c0f8415bd1542f7f7f063dec_amd64", "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:8715b4821f39144aeb5d015e0621c859b45d3175c0f8415bd1542f7f7f063dec_amd64", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:8715b4821f39144aeb5d015e0621c859b45d3175c0f8415bd1542f7f7f063dec?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.1.7-2" } } }, { "category": "product_version", "name": "openshift-logging/cluster-logging-operator-bundle@sha256:cd21e02ce7d7900dd20083b561b98161199561726c310c1ff3f619b700a660d9_amd64", "product": { "name": "openshift-logging/cluster-logging-operator-bundle@sha256:cd21e02ce7d7900dd20083b561b98161199561726c310c1ff3f619b700a660d9_amd64", "product_id": "openshift-logging/cluster-logging-operator-bundle@sha256:cd21e02ce7d7900dd20083b561b98161199561726c310c1ff3f619b700a660d9_amd64", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-operator-bundle@sha256:cd21e02ce7d7900dd20083b561b98161199561726c310c1ff3f619b700a660d9?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-operator-bundle\u0026tag=v5.1.7-3" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:df696bb6cc563e646f51ccd409c961cfb06b39f361857392ec80f30add0927ab_amd64", "product": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:df696bb6cc563e646f51ccd409c961cfb06b39f361857392ec80f30add0927ab_amd64", "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:df696bb6cc563e646f51ccd409c961cfb06b39f361857392ec80f30add0927ab_amd64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:df696bb6cc563e646f51ccd409c961cfb06b39f361857392ec80f30add0927ab?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.1.7-2" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-operator-bundle@sha256:8c60be512aa5cbec4247f2bcbcb0d829edc2f4b2c28ebd78673be8c15b4c4d99_amd64", "product": { "name": "openshift-logging/elasticsearch-operator-bundle@sha256:8c60be512aa5cbec4247f2bcbcb0d829edc2f4b2c28ebd78673be8c15b4c4d99_amd64", "product_id": "openshift-logging/elasticsearch-operator-bundle@sha256:8c60be512aa5cbec4247f2bcbcb0d829edc2f4b2c28ebd78673be8c15b4c4d99_amd64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-operator-bundle@sha256:8c60be512aa5cbec4247f2bcbcb0d829edc2f4b2c28ebd78673be8c15b4c4d99?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-operator-bundle\u0026tag=v5.1.7-3" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:75ad4b059c54e8c089de590a7dd0425a07049fb4721e83e894bf72dba2580fe7_amd64", "product": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:75ad4b059c54e8c089de590a7dd0425a07049fb4721e83e894bf72dba2580fe7_amd64", "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:75ad4b059c54e8c089de590a7dd0425a07049fb4721e83e894bf72dba2580fe7_amd64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:75ad4b059c54e8c089de590a7dd0425a07049fb4721e83e894bf72dba2580fe7?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-102" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch6-rhel8@sha256:007deae6e82e1d870385f2c9ed90c1783f9fdb3aca0b97349a66a97e4380b9b4_amd64", "product": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:007deae6e82e1d870385f2c9ed90c1783f9fdb3aca0b97349a66a97e4380b9b4_amd64", "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:007deae6e82e1d870385f2c9ed90c1783f9fdb3aca0b97349a66a97e4380b9b4_amd64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch6-rhel8@sha256:007deae6e82e1d870385f2c9ed90c1783f9fdb3aca0b97349a66a97e4380b9b4?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-98" } } }, { "category": "product_version", "name": "openshift-logging/eventrouter-rhel8@sha256:b21561dc5237b5c9bc65ffdfa8e62d364a02631e0e06307883463357229ff06f_amd64", "product": { "name": "openshift-logging/eventrouter-rhel8@sha256:b21561dc5237b5c9bc65ffdfa8e62d364a02631e0e06307883463357229ff06f_amd64", "product_id": "openshift-logging/eventrouter-rhel8@sha256:b21561dc5237b5c9bc65ffdfa8e62d364a02631e0e06307883463357229ff06f_amd64", "product_identification_helper": { "purl": "pkg:oci/eventrouter-rhel8@sha256:b21561dc5237b5c9bc65ffdfa8e62d364a02631e0e06307883463357229ff06f?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.3.0-97" } } }, { "category": "product_version", "name": "openshift-logging/fluentd-rhel8@sha256:2eb43cd05fa769240e683de25d8913ea1379c0f69d656dec66efd7d4f5e70217_amd64", "product": { "name": "openshift-logging/fluentd-rhel8@sha256:2eb43cd05fa769240e683de25d8913ea1379c0f69d656dec66efd7d4f5e70217_amd64", "product_id": "openshift-logging/fluentd-rhel8@sha256:2eb43cd05fa769240e683de25d8913ea1379c0f69d656dec66efd7d4f5e70217_amd64", "product_identification_helper": { "purl": "pkg:oci/fluentd-rhel8@sha256:2eb43cd05fa769240e683de25d8913ea1379c0f69d656dec66efd7d4f5e70217?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.7.4-102" } } }, { "category": "product_version", "name": "openshift-logging/kibana6-rhel8@sha256:86302d1e4e1729fd7364b4db5061b4762c683f9d27ed09a7e1489406ac783d21_amd64", "product": { "name": "openshift-logging/kibana6-rhel8@sha256:86302d1e4e1729fd7364b4db5061b4762c683f9d27ed09a7e1489406ac783d21_amd64", "product_id": "openshift-logging/kibana6-rhel8@sha256:86302d1e4e1729fd7364b4db5061b4762c683f9d27ed09a7e1489406ac783d21_amd64", "product_identification_helper": { "purl": "pkg:oci/kibana6-rhel8@sha256:86302d1e4e1729fd7364b4db5061b4762c683f9d27ed09a7e1489406ac783d21?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-108" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-operator-bundle@sha256:cd21e02ce7d7900dd20083b561b98161199561726c310c1ff3f619b700a660d9_amd64 as a component of OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-operator-bundle@sha256:cd21e02ce7d7900dd20083b561b98161199561726c310c1ff3f619b700a660d9_amd64" }, "product_reference": "openshift-logging/cluster-logging-operator-bundle@sha256:cd21e02ce7d7900dd20083b561b98161199561726c310c1ff3f619b700a660d9_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:5f1436f57bc60663619d099cc54eac735a4ea885eb224a659b0aad66f14dcc36_s390x as a component of OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:5f1436f57bc60663619d099cc54eac735a4ea885eb224a659b0aad66f14dcc36_s390x" }, "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:5f1436f57bc60663619d099cc54eac735a4ea885eb224a659b0aad66f14dcc36_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:8715b4821f39144aeb5d015e0621c859b45d3175c0f8415bd1542f7f7f063dec_amd64 as a component of OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:8715b4821f39144aeb5d015e0621c859b45d3175c0f8415bd1542f7f7f063dec_amd64" }, "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:8715b4821f39144aeb5d015e0621c859b45d3175c0f8415bd1542f7f7f063dec_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:f96340f2ae0699d07b36e2e0e47bdda190635c276eb9122513f57b2f0ffd25f7_ppc64le as a component of OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:f96340f2ae0699d07b36e2e0e47bdda190635c276eb9122513f57b2f0ffd25f7_ppc64le" }, "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:f96340f2ae0699d07b36e2e0e47bdda190635c276eb9122513f57b2f0ffd25f7_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-operator-bundle@sha256:8c60be512aa5cbec4247f2bcbcb0d829edc2f4b2c28ebd78673be8c15b4c4d99_amd64 as a component of OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-operator-bundle@sha256:8c60be512aa5cbec4247f2bcbcb0d829edc2f4b2c28ebd78673be8c15b4c4d99_amd64" }, "product_reference": "openshift-logging/elasticsearch-operator-bundle@sha256:8c60be512aa5cbec4247f2bcbcb0d829edc2f4b2c28ebd78673be8c15b4c4d99_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:75ad4b059c54e8c089de590a7dd0425a07049fb4721e83e894bf72dba2580fe7_amd64 as a component of OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:75ad4b059c54e8c089de590a7dd0425a07049fb4721e83e894bf72dba2580fe7_amd64" }, "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:75ad4b059c54e8c089de590a7dd0425a07049fb4721e83e894bf72dba2580fe7_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:7eca37c2de3ab91f5561bc30d6057dcc7e32dd3e41af9c78739b2c840d26f3d4_s390x as a component of OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:7eca37c2de3ab91f5561bc30d6057dcc7e32dd3e41af9c78739b2c840d26f3d4_s390x" }, "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:7eca37c2de3ab91f5561bc30d6057dcc7e32dd3e41af9c78739b2c840d26f3d4_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:b9025248fa3fe48e38e12409b77b93782a2c2977fd48cf43de74bfbf8ed4a016_ppc64le as a component of OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:b9025248fa3fe48e38e12409b77b93782a2c2977fd48cf43de74bfbf8ed4a016_ppc64le" }, "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:b9025248fa3fe48e38e12409b77b93782a2c2977fd48cf43de74bfbf8ed4a016_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:0d759e02a84eaf59cffc0143b51fd922363f0488a537562731e5c71bbd555a92_ppc64le as a component of OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:0d759e02a84eaf59cffc0143b51fd922363f0488a537562731e5c71bbd555a92_ppc64le" }, "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:0d759e02a84eaf59cffc0143b51fd922363f0488a537562731e5c71bbd555a92_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:747bf587b1cb27d3fc872f40938a8f3ded033c97eab756712ca2a427fbeee4f0_s390x as a component of OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:747bf587b1cb27d3fc872f40938a8f3ded033c97eab756712ca2a427fbeee4f0_s390x" }, "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:747bf587b1cb27d3fc872f40938a8f3ded033c97eab756712ca2a427fbeee4f0_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:df696bb6cc563e646f51ccd409c961cfb06b39f361857392ec80f30add0927ab_amd64 as a component of OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:df696bb6cc563e646f51ccd409c961cfb06b39f361857392ec80f30add0927ab_amd64" }, "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:df696bb6cc563e646f51ccd409c961cfb06b39f361857392ec80f30add0927ab_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:007deae6e82e1d870385f2c9ed90c1783f9fdb3aca0b97349a66a97e4380b9b4_amd64 as a component of OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:007deae6e82e1d870385f2c9ed90c1783f9fdb3aca0b97349a66a97e4380b9b4_amd64" }, "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:007deae6e82e1d870385f2c9ed90c1783f9fdb3aca0b97349a66a97e4380b9b4_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:3e971f5c333ced1166981d713355fd55f984108cd50bf458b9ea29eb637df9ce_s390x as a component of OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:3e971f5c333ced1166981d713355fd55f984108cd50bf458b9ea29eb637df9ce_s390x" }, "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:3e971f5c333ced1166981d713355fd55f984108cd50bf458b9ea29eb637df9ce_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:9b1a4b2ca3c32aa6a8a5bbcb28af0e6bbd0ea5368ab317e8a0dc7ba5f9b0ddc4_ppc64le as a component of OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:9b1a4b2ca3c32aa6a8a5bbcb28af0e6bbd0ea5368ab317e8a0dc7ba5f9b0ddc4_ppc64le" }, "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:9b1a4b2ca3c32aa6a8a5bbcb28af0e6bbd0ea5368ab317e8a0dc7ba5f9b0ddc4_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/eventrouter-rhel8@sha256:499aa444f1c77cc0e238577b35ce707a6233b7c10695aa058f036694cc65f62d_s390x as a component of OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:499aa444f1c77cc0e238577b35ce707a6233b7c10695aa058f036694cc65f62d_s390x" }, "product_reference": "openshift-logging/eventrouter-rhel8@sha256:499aa444f1c77cc0e238577b35ce707a6233b7c10695aa058f036694cc65f62d_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/eventrouter-rhel8@sha256:b21561dc5237b5c9bc65ffdfa8e62d364a02631e0e06307883463357229ff06f_amd64 as a component of OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:b21561dc5237b5c9bc65ffdfa8e62d364a02631e0e06307883463357229ff06f_amd64" }, "product_reference": "openshift-logging/eventrouter-rhel8@sha256:b21561dc5237b5c9bc65ffdfa8e62d364a02631e0e06307883463357229ff06f_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/eventrouter-rhel8@sha256:b7706ebba12fba423afe2b333677aa4fa16ecd72cfcd2c5b076dfb34d5d400e6_ppc64le as a component of OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:b7706ebba12fba423afe2b333677aa4fa16ecd72cfcd2c5b076dfb34d5d400e6_ppc64le" }, "product_reference": "openshift-logging/eventrouter-rhel8@sha256:b7706ebba12fba423afe2b333677aa4fa16ecd72cfcd2c5b076dfb34d5d400e6_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/fluentd-rhel8@sha256:2eb43cd05fa769240e683de25d8913ea1379c0f69d656dec66efd7d4f5e70217_amd64 as a component of OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:2eb43cd05fa769240e683de25d8913ea1379c0f69d656dec66efd7d4f5e70217_amd64" }, "product_reference": "openshift-logging/fluentd-rhel8@sha256:2eb43cd05fa769240e683de25d8913ea1379c0f69d656dec66efd7d4f5e70217_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/fluentd-rhel8@sha256:63a5e130e712bf0292167f0aa8c3018b77bdb73042160fd14057d4678ff613ff_ppc64le as a component of OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:63a5e130e712bf0292167f0aa8c3018b77bdb73042160fd14057d4678ff613ff_ppc64le" }, "product_reference": "openshift-logging/fluentd-rhel8@sha256:63a5e130e712bf0292167f0aa8c3018b77bdb73042160fd14057d4678ff613ff_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/fluentd-rhel8@sha256:dd94d77116595d5aede41e3fdd38681767a0ac294b743b9d608268fef97720d1_s390x as a component of OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:dd94d77116595d5aede41e3fdd38681767a0ac294b743b9d608268fef97720d1_s390x" }, "product_reference": "openshift-logging/fluentd-rhel8@sha256:dd94d77116595d5aede41e3fdd38681767a0ac294b743b9d608268fef97720d1_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/kibana6-rhel8@sha256:318f21b10f1b22d14a0bf0d895c597e29f498442bc90fb5c26886e696fbe68a5_s390x as a component of OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:318f21b10f1b22d14a0bf0d895c597e29f498442bc90fb5c26886e696fbe68a5_s390x" }, "product_reference": "openshift-logging/kibana6-rhel8@sha256:318f21b10f1b22d14a0bf0d895c597e29f498442bc90fb5c26886e696fbe68a5_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/kibana6-rhel8@sha256:86302d1e4e1729fd7364b4db5061b4762c683f9d27ed09a7e1489406ac783d21_amd64 as a component of OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:86302d1e4e1729fd7364b4db5061b4762c683f9d27ed09a7e1489406ac783d21_amd64" }, "product_reference": "openshift-logging/kibana6-rhel8@sha256:86302d1e4e1729fd7364b4db5061b4762c683f9d27ed09a7e1489406ac783d21_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/kibana6-rhel8@sha256:b43d04bc71797caab0d1b6bb5f14d18a04b09fee5272e9e03d50056dbb2116fc_ppc64le as a component of OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:b43d04bc71797caab0d1b6bb5f14d18a04b09fee5272e9e03d50056dbb2116fc_ppc64le" }, "product_reference": "openshift-logging/kibana6-rhel8@sha256:b43d04bc71797caab0d1b6bb5f14d18a04b09fee5272e9e03d50056dbb2116fc_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.1" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-27292", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-03-17T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-operator-bundle@sha256:cd21e02ce7d7900dd20083b561b98161199561726c310c1ff3f619b700a660d9_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:5f1436f57bc60663619d099cc54eac735a4ea885eb224a659b0aad66f14dcc36_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:8715b4821f39144aeb5d015e0621c859b45d3175c0f8415bd1542f7f7f063dec_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:f96340f2ae0699d07b36e2e0e47bdda190635c276eb9122513f57b2f0ffd25f7_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-operator-bundle@sha256:8c60be512aa5cbec4247f2bcbcb0d829edc2f4b2c28ebd78673be8c15b4c4d99_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:75ad4b059c54e8c089de590a7dd0425a07049fb4721e83e894bf72dba2580fe7_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:7eca37c2de3ab91f5561bc30d6057dcc7e32dd3e41af9c78739b2c840d26f3d4_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:b9025248fa3fe48e38e12409b77b93782a2c2977fd48cf43de74bfbf8ed4a016_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:0d759e02a84eaf59cffc0143b51fd922363f0488a537562731e5c71bbd555a92_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:747bf587b1cb27d3fc872f40938a8f3ded033c97eab756712ca2a427fbeee4f0_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:df696bb6cc563e646f51ccd409c961cfb06b39f361857392ec80f30add0927ab_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:007deae6e82e1d870385f2c9ed90c1783f9fdb3aca0b97349a66a97e4380b9b4_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:3e971f5c333ced1166981d713355fd55f984108cd50bf458b9ea29eb637df9ce_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:9b1a4b2ca3c32aa6a8a5bbcb28af0e6bbd0ea5368ab317e8a0dc7ba5f9b0ddc4_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:499aa444f1c77cc0e238577b35ce707a6233b7c10695aa058f036694cc65f62d_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:b21561dc5237b5c9bc65ffdfa8e62d364a02631e0e06307883463357229ff06f_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:b7706ebba12fba423afe2b333677aa4fa16ecd72cfcd2c5b076dfb34d5d400e6_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:2eb43cd05fa769240e683de25d8913ea1379c0f69d656dec66efd7d4f5e70217_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:63a5e130e712bf0292167f0aa8c3018b77bdb73042160fd14057d4678ff613ff_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:dd94d77116595d5aede41e3fdd38681767a0ac294b743b9d608268fef97720d1_s390x" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1940613" } ], "notes": [ { "category": "description", "text": "A regular expression denial of service (ReDoS) vulnerability was found in the npm library `ua-parser-js`. If a supplied user agent matches the `Noble` string and contains many spaces then the regex will conduct backtracking, taking an ever increasing amount of time depending on the number of spaces supplied. An attacker can use this vulnerability to potentially craft a malicious user agent resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-ua-parser-js: ReDoS via malicious User-Agent header", "title": "Vulnerability summary" }, { "category": "other", "text": "While some components do package a vulnerable version of ua-parser-js, access to them requires OpenShift OAuth credentials and hence have been marked with a Low impact. This applies to the following products:\n - OpenShift Container Platform (OCP)\n - OpenShift ServiceMesh (OSSM) \n - Red Hat OpenShift Jaeger (RHOSJ)\n - Red Hat OpenShift Logging\n\nThe OCP presto-container does ship the vulnerable component, however since OCP 4.6 the Metering product has been deprecated [1], set as wont-fix and may be fixed in a future release.\n\nRed Hat Advanced Cluster Management for Kubernetes (RHACM) ships graphql-tools that pulls 0.7.23 version of ua-parser-js that uses the affected code.\n\n[1] - https://access.redhat.com/solutions/5707561", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:318f21b10f1b22d14a0bf0d895c597e29f498442bc90fb5c26886e696fbe68a5_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:86302d1e4e1729fd7364b4db5061b4762c683f9d27ed09a7e1489406ac783d21_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:b43d04bc71797caab0d1b6bb5f14d18a04b09fee5272e9e03d50056dbb2116fc_ppc64le" ], "known_not_affected": [ "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-operator-bundle@sha256:cd21e02ce7d7900dd20083b561b98161199561726c310c1ff3f619b700a660d9_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:5f1436f57bc60663619d099cc54eac735a4ea885eb224a659b0aad66f14dcc36_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:8715b4821f39144aeb5d015e0621c859b45d3175c0f8415bd1542f7f7f063dec_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:f96340f2ae0699d07b36e2e0e47bdda190635c276eb9122513f57b2f0ffd25f7_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-operator-bundle@sha256:8c60be512aa5cbec4247f2bcbcb0d829edc2f4b2c28ebd78673be8c15b4c4d99_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:75ad4b059c54e8c089de590a7dd0425a07049fb4721e83e894bf72dba2580fe7_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:7eca37c2de3ab91f5561bc30d6057dcc7e32dd3e41af9c78739b2c840d26f3d4_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:b9025248fa3fe48e38e12409b77b93782a2c2977fd48cf43de74bfbf8ed4a016_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:0d759e02a84eaf59cffc0143b51fd922363f0488a537562731e5c71bbd555a92_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:747bf587b1cb27d3fc872f40938a8f3ded033c97eab756712ca2a427fbeee4f0_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:df696bb6cc563e646f51ccd409c961cfb06b39f361857392ec80f30add0927ab_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:007deae6e82e1d870385f2c9ed90c1783f9fdb3aca0b97349a66a97e4380b9b4_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:3e971f5c333ced1166981d713355fd55f984108cd50bf458b9ea29eb637df9ce_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:9b1a4b2ca3c32aa6a8a5bbcb28af0e6bbd0ea5368ab317e8a0dc7ba5f9b0ddc4_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:499aa444f1c77cc0e238577b35ce707a6233b7c10695aa058f036694cc65f62d_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:b21561dc5237b5c9bc65ffdfa8e62d364a02631e0e06307883463357229ff06f_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:b7706ebba12fba423afe2b333677aa4fa16ecd72cfcd2c5b076dfb34d5d400e6_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:2eb43cd05fa769240e683de25d8913ea1379c0f69d656dec66efd7d4f5e70217_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:63a5e130e712bf0292167f0aa8c3018b77bdb73042160fd14057d4678ff613ff_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:dd94d77116595d5aede41e3fdd38681767a0ac294b743b9d608268fef97720d1_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-27292" }, { "category": "external", "summary": "RHBZ#1940613", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1940613" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-27292", "url": "https://www.cve.org/CVERecord?id=CVE-2021-27292" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-27292", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27292" }, { "category": "external", "summary": "https://gist.github.com/b-c-ds/6941d80d6b4e694df4bc269493b7be76", "url": "https://gist.github.com/b-c-ds/6941d80d6b4e694df4bc269493b7be76" } ], "release_date": "2021-02-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-01-20T21:39:00+00:00", "details": "For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nFor Red Hat OpenShift Logging 5.1, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html", "product_ids": [ "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:318f21b10f1b22d14a0bf0d895c597e29f498442bc90fb5c26886e696fbe68a5_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:86302d1e4e1729fd7364b4db5061b4762c683f9d27ed09a7e1489406ac783d21_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:b43d04bc71797caab0d1b6bb5f14d18a04b09fee5272e9e03d50056dbb2116fc_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0226" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:318f21b10f1b22d14a0bf0d895c597e29f498442bc90fb5c26886e696fbe68a5_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:86302d1e4e1729fd7364b4db5061b4762c683f9d27ed09a7e1489406ac783d21_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:b43d04bc71797caab0d1b6bb5f14d18a04b09fee5272e9e03d50056dbb2116fc_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "nodejs-ua-parser-js: ReDoS via malicious User-Agent header" }, { "cve": "CVE-2021-44832", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-12-28T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-operator-bundle@sha256:cd21e02ce7d7900dd20083b561b98161199561726c310c1ff3f619b700a660d9_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:5f1436f57bc60663619d099cc54eac735a4ea885eb224a659b0aad66f14dcc36_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:8715b4821f39144aeb5d015e0621c859b45d3175c0f8415bd1542f7f7f063dec_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:f96340f2ae0699d07b36e2e0e47bdda190635c276eb9122513f57b2f0ffd25f7_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-operator-bundle@sha256:8c60be512aa5cbec4247f2bcbcb0d829edc2f4b2c28ebd78673be8c15b4c4d99_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:75ad4b059c54e8c089de590a7dd0425a07049fb4721e83e894bf72dba2580fe7_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:7eca37c2de3ab91f5561bc30d6057dcc7e32dd3e41af9c78739b2c840d26f3d4_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:b9025248fa3fe48e38e12409b77b93782a2c2977fd48cf43de74bfbf8ed4a016_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:0d759e02a84eaf59cffc0143b51fd922363f0488a537562731e5c71bbd555a92_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:747bf587b1cb27d3fc872f40938a8f3ded033c97eab756712ca2a427fbeee4f0_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:df696bb6cc563e646f51ccd409c961cfb06b39f361857392ec80f30add0927ab_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:499aa444f1c77cc0e238577b35ce707a6233b7c10695aa058f036694cc65f62d_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:b21561dc5237b5c9bc65ffdfa8e62d364a02631e0e06307883463357229ff06f_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:b7706ebba12fba423afe2b333677aa4fa16ecd72cfcd2c5b076dfb34d5d400e6_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:2eb43cd05fa769240e683de25d8913ea1379c0f69d656dec66efd7d4f5e70217_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:63a5e130e712bf0292167f0aa8c3018b77bdb73042160fd14057d4678ff613ff_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:dd94d77116595d5aede41e3fdd38681767a0ac294b743b9d608268fef97720d1_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:318f21b10f1b22d14a0bf0d895c597e29f498442bc90fb5c26886e696fbe68a5_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:86302d1e4e1729fd7364b4db5061b4762c683f9d27ed09a7e1489406ac783d21_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:b43d04bc71797caab0d1b6bb5f14d18a04b09fee5272e9e03d50056dbb2116fc_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2035951" } ], "notes": [ { "category": "description", "text": "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j-core: remote code execution via JDBC Appender", "title": "Vulnerability summary" }, { "category": "other", "text": "Log4j 1.x is not impacted by this vulnerability. Therefore versions of log4j shipped with Red Hat Enterprise Linux are NOT affected by this flaw.\n\nFor Elasticsearch, as shipped in OpenShift Container Platform and OpenShift Logging, access to the log4j2.properties configuration is limited only to the cluster administrators and exploitation requires cluster logging changes, what reduced the impact of this vulnerability significantly [0].\n\n[0] https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476#update-jan-6-5", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:007deae6e82e1d870385f2c9ed90c1783f9fdb3aca0b97349a66a97e4380b9b4_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:3e971f5c333ced1166981d713355fd55f984108cd50bf458b9ea29eb637df9ce_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:9b1a4b2ca3c32aa6a8a5bbcb28af0e6bbd0ea5368ab317e8a0dc7ba5f9b0ddc4_ppc64le" ], "known_not_affected": [ "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-operator-bundle@sha256:cd21e02ce7d7900dd20083b561b98161199561726c310c1ff3f619b700a660d9_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:5f1436f57bc60663619d099cc54eac735a4ea885eb224a659b0aad66f14dcc36_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:8715b4821f39144aeb5d015e0621c859b45d3175c0f8415bd1542f7f7f063dec_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:f96340f2ae0699d07b36e2e0e47bdda190635c276eb9122513f57b2f0ffd25f7_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-operator-bundle@sha256:8c60be512aa5cbec4247f2bcbcb0d829edc2f4b2c28ebd78673be8c15b4c4d99_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:75ad4b059c54e8c089de590a7dd0425a07049fb4721e83e894bf72dba2580fe7_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:7eca37c2de3ab91f5561bc30d6057dcc7e32dd3e41af9c78739b2c840d26f3d4_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:b9025248fa3fe48e38e12409b77b93782a2c2977fd48cf43de74bfbf8ed4a016_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:0d759e02a84eaf59cffc0143b51fd922363f0488a537562731e5c71bbd555a92_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:747bf587b1cb27d3fc872f40938a8f3ded033c97eab756712ca2a427fbeee4f0_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:df696bb6cc563e646f51ccd409c961cfb06b39f361857392ec80f30add0927ab_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:499aa444f1c77cc0e238577b35ce707a6233b7c10695aa058f036694cc65f62d_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:b21561dc5237b5c9bc65ffdfa8e62d364a02631e0e06307883463357229ff06f_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:b7706ebba12fba423afe2b333677aa4fa16ecd72cfcd2c5b076dfb34d5d400e6_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:2eb43cd05fa769240e683de25d8913ea1379c0f69d656dec66efd7d4f5e70217_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:63a5e130e712bf0292167f0aa8c3018b77bdb73042160fd14057d4678ff613ff_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:dd94d77116595d5aede41e3fdd38681767a0ac294b743b9d608268fef97720d1_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:318f21b10f1b22d14a0bf0d895c597e29f498442bc90fb5c26886e696fbe68a5_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:86302d1e4e1729fd7364b4db5061b4762c683f9d27ed09a7e1489406ac783d21_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:b43d04bc71797caab0d1b6bb5f14d18a04b09fee5272e9e03d50056dbb2116fc_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44832" }, { "category": "external", "summary": "RHBZ#2035951", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035951" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44832", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44832" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44832", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44832" }, { "category": "external", "summary": "https://issues.apache.org/jira/browse/LOG4J2-3293", "url": "https://issues.apache.org/jira/browse/LOG4J2-3293" } ], "release_date": "2021-12-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-01-20T21:39:00+00:00", "details": "For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nFor Red Hat OpenShift Logging 5.1, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html", "product_ids": [ "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:007deae6e82e1d870385f2c9ed90c1783f9fdb3aca0b97349a66a97e4380b9b4_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:3e971f5c333ced1166981d713355fd55f984108cd50bf458b9ea29eb637df9ce_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:9b1a4b2ca3c32aa6a8a5bbcb28af0e6bbd0ea5368ab317e8a0dc7ba5f9b0ddc4_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0226" }, { "category": "workaround", "details": "As per upstream:\n- In prior releases confirm that if the JDBC Appender is being used it is not configured to use any protocol other than Java.\n- Note that only the log4j-core JAR file is impacted by this vulnerability. Applications using only the log4j-api JAR file without the log4j-core JAR file are not impacted by this vulnerability.", "product_ids": [ "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-operator-bundle@sha256:cd21e02ce7d7900dd20083b561b98161199561726c310c1ff3f619b700a660d9_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:5f1436f57bc60663619d099cc54eac735a4ea885eb224a659b0aad66f14dcc36_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:8715b4821f39144aeb5d015e0621c859b45d3175c0f8415bd1542f7f7f063dec_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:f96340f2ae0699d07b36e2e0e47bdda190635c276eb9122513f57b2f0ffd25f7_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-operator-bundle@sha256:8c60be512aa5cbec4247f2bcbcb0d829edc2f4b2c28ebd78673be8c15b4c4d99_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:75ad4b059c54e8c089de590a7dd0425a07049fb4721e83e894bf72dba2580fe7_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:7eca37c2de3ab91f5561bc30d6057dcc7e32dd3e41af9c78739b2c840d26f3d4_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:b9025248fa3fe48e38e12409b77b93782a2c2977fd48cf43de74bfbf8ed4a016_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:0d759e02a84eaf59cffc0143b51fd922363f0488a537562731e5c71bbd555a92_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:747bf587b1cb27d3fc872f40938a8f3ded033c97eab756712ca2a427fbeee4f0_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:df696bb6cc563e646f51ccd409c961cfb06b39f361857392ec80f30add0927ab_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:007deae6e82e1d870385f2c9ed90c1783f9fdb3aca0b97349a66a97e4380b9b4_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:3e971f5c333ced1166981d713355fd55f984108cd50bf458b9ea29eb637df9ce_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:9b1a4b2ca3c32aa6a8a5bbcb28af0e6bbd0ea5368ab317e8a0dc7ba5f9b0ddc4_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:499aa444f1c77cc0e238577b35ce707a6233b7c10695aa058f036694cc65f62d_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:b21561dc5237b5c9bc65ffdfa8e62d364a02631e0e06307883463357229ff06f_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:b7706ebba12fba423afe2b333677aa4fa16ecd72cfcd2c5b076dfb34d5d400e6_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:2eb43cd05fa769240e683de25d8913ea1379c0f69d656dec66efd7d4f5e70217_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:63a5e130e712bf0292167f0aa8c3018b77bdb73042160fd14057d4678ff613ff_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:dd94d77116595d5aede41e3fdd38681767a0ac294b743b9d608268fef97720d1_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:318f21b10f1b22d14a0bf0d895c597e29f498442bc90fb5c26886e696fbe68a5_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:86302d1e4e1729fd7364b4db5061b4762c683f9d27ed09a7e1489406ac783d21_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:b43d04bc71797caab0d1b6bb5f14d18a04b09fee5272e9e03d50056dbb2116fc_ppc64le" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:007deae6e82e1d870385f2c9ed90c1783f9fdb3aca0b97349a66a97e4380b9b4_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:3e971f5c333ced1166981d713355fd55f984108cd50bf458b9ea29eb637df9ce_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:9b1a4b2ca3c32aa6a8a5bbcb28af0e6bbd0ea5368ab317e8a0dc7ba5f9b0ddc4_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "log4j-core: remote code execution via JDBC Appender" } ] }
rhsa-2022_1299
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Low" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.3 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.4 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender (CVE-2022-23305)\n\n* log4j: Unsafe deserialization flaw in Chainsaw log viewer (CVE-2022-23307)\n\n* log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender (CVE-2021-4104)\n\n* log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)\n\n* log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228) (CVE-2021-45046)\n\n* log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern (CVE-2021-45105)\n\n* log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink (CVE-2022-23302)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:1299", "url": "https://access.redhat.com/errata/RHSA-2022:1299" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#low", "url": "https://access.redhat.com/security/updates/classification/#low" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=appplatform\u0026version=7.4", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=appplatform\u0026version=7.4" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/" }, { "category": "external", "summary": "2031667", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031667" }, { "category": "external", "summary": "2032580", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2032580" }, { "category": "external", "summary": "2034067", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034067" }, { "category": "external", "summary": "2035951", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035951" }, { "category": "external", "summary": "2041949", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041949" }, { "category": "external", "summary": "2041959", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041959" }, { "category": "external", "summary": "2041967", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041967" }, { "category": "external", "summary": "JBEAP-22105", "url": "https://issues.redhat.com/browse/JBEAP-22105" }, { "category": "external", "summary": "JBEAP-22385", "url": "https://issues.redhat.com/browse/JBEAP-22385" }, { "category": "external", "summary": "JBEAP-22731", "url": "https://issues.redhat.com/browse/JBEAP-22731" }, { "category": "external", "summary": "JBEAP-22738", "url": "https://issues.redhat.com/browse/JBEAP-22738" }, { "category": "external", "summary": "JBEAP-22819", "url": "https://issues.redhat.com/browse/JBEAP-22819" }, { "category": "external", "summary": "JBEAP-22839", "url": "https://issues.redhat.com/browse/JBEAP-22839" }, { "category": "external", "summary": "JBEAP-22864", "url": "https://issues.redhat.com/browse/JBEAP-22864" }, { "category": "external", "summary": "JBEAP-22904", "url": "https://issues.redhat.com/browse/JBEAP-22904" }, { "category": "external", "summary": "JBEAP-22911", "url": "https://issues.redhat.com/browse/JBEAP-22911" }, { "category": "external", "summary": "JBEAP-22912", "url": "https://issues.redhat.com/browse/JBEAP-22912" }, { "category": "external", "summary": "JBEAP-22913", "url": "https://issues.redhat.com/browse/JBEAP-22913" }, { "category": "external", "summary": "JBEAP-22935", "url": "https://issues.redhat.com/browse/JBEAP-22935" }, { "category": "external", "summary": "JBEAP-22945", "url": "https://issues.redhat.com/browse/JBEAP-22945" }, { "category": "external", "summary": "JBEAP-22973", "url": "https://issues.redhat.com/browse/JBEAP-22973" }, { "category": "external", "summary": "JBEAP-23038", "url": "https://issues.redhat.com/browse/JBEAP-23038" }, { "category": "external", "summary": "JBEAP-23040", "url": "https://issues.redhat.com/browse/JBEAP-23040" }, { "category": "external", "summary": "JBEAP-23045", "url": "https://issues.redhat.com/browse/JBEAP-23045" }, { "category": "external", "summary": "JBEAP-23101", "url": "https://issues.redhat.com/browse/JBEAP-23101" }, { "category": "external", "summary": "JBEAP-23105", "url": "https://issues.redhat.com/browse/JBEAP-23105" }, { "category": "external", "summary": "JBEAP-23143", "url": "https://issues.redhat.com/browse/JBEAP-23143" }, { "category": "external", "summary": "JBEAP-23177", "url": "https://issues.redhat.com/browse/JBEAP-23177" }, { "category": "external", "summary": "JBEAP-23323", "url": "https://issues.redhat.com/browse/JBEAP-23323" }, { "category": "external", "summary": "JBEAP-23373", "url": "https://issues.redhat.com/browse/JBEAP-23373" }, { "category": "external", "summary": "JBEAP-23374", "url": "https://issues.redhat.com/browse/JBEAP-23374" }, { "category": "external", "summary": "JBEAP-23375", "url": "https://issues.redhat.com/browse/JBEAP-23375" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_1299.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.4 security update", "tracking": { "current_release_date": "2024-11-15T14:46:14+00:00", "generator": { "date": "2024-11-15T14:46:14+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2022:1299", "initial_release_date": "2022-04-11T13:00:49+00:00", "revision_history": [ { "date": "2022-04-11T13:00:49+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-04-11T13:00:49+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T14:46:14+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "EAP 7.4.4 release", "product": { "name": "EAP 7.4.4 release", "product_id": "EAP 7.4.4 release", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-4104", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-12-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2031667" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSAppender in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if the deployed application is configured to use JMSAppender and to the attacker\u0027s JNDI LDAP endpoint.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender", "title": "Vulnerability summary" }, { "category": "other", "text": "Based on the conditions to be exploitable (see details below), the risk is much lower than Log4j 2.x and Red Hat has assessed this to be Moderate severity. This flaw has been filed for Log4j 1.x, and the corresponding flaw information for Log4j 2.x is available at: https://access.redhat.com/security/cve/CVE-2021-44228\n\nNote this flaw ONLY affects applications which are specifically configured to use JMSAppender, which is not the default, or when the attacker has write access to the Log4j configuration for adding JMSAppender to the attacker\u0027s JNDI LDAP endpoint. \n\nIf the Log4j configuration is set TopicBindingName or TopicConnectionFactoryBindingName configurations allowing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228 Log4j 2.x, Log4j 1.x is vulnerable. However, the attack vector is reduced as it depends on having write access, which is not a standard configuration rather than untrusted user input. These are sufficient factors beyond the attacker\u0027s control.\n\nThe tomcat package shipped with Red Hat Enterprise Linux does not include log4j but it does include a default configuration for log4j, log4j.properties, which could be used with tomcat if users choose to install and configure the library. The JMSAppender is not enabled by default, and the permissions of the file can only be modified as root.\n\nRed Hat Virtualization ships log4j12-1.2.17, but it is used and configured in a way which makes this flaw not possible to exploit. Therefore impact is rated Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "EAP 7.4.4 release" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-4104" }, { "category": "external", "summary": "RHBZ#2031667", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031667" }, { "category": "external", "summary": "RHSB-2021-009", "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-4104", "url": "https://www.cve.org/CVERecord?id=CVE-2021-4104" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-4104", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4104" }, { "category": "external", "summary": "https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126", "url": "https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126" }, { "category": "external", "summary": "https://github.com/apache/logging-log4j2/pull/608#issuecomment-991723301", "url": "https://github.com/apache/logging-log4j2/pull/608#issuecomment-991723301" }, { "category": "external", "summary": "https://lists.apache.org/thread/0x4zvtq92yggdgvwfgsftqrj4xx5w0nx", "url": "https://lists.apache.org/thread/0x4zvtq92yggdgvwfgsftqrj4xx5w0nx" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2021/12/13/1", "url": "https://www.openwall.com/lists/oss-security/2021/12/13/1" } ], "release_date": "2021-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-11T13:00:49+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "EAP 7.4.4 release" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1299" }, { "category": "workaround", "details": "These are the possible mitigations for this flaw for releases version 1.x:\n\n- Comment out or remove JMSAppender in the Log4j configuration if it is used\n- Remove the JMSAppender class from the classpath. For example:\n```\nzip -q -d log4j-*.jar org/apache/log4j/net/JMSAppender.class\n```\n- Restrict access for the OS user on the platform running the application to prevent modifying the Log4j configuration by the attacker.", "product_ids": [ "EAP 7.4.4 release" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "EAP 7.4.4 release" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender" }, { "cve": "CVE-2021-44832", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-12-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2035951" } ], "notes": [ { "category": "description", "text": "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j-core: remote code execution via JDBC Appender", "title": "Vulnerability summary" }, { "category": "other", "text": "Log4j 1.x is not impacted by this vulnerability. Therefore versions of log4j shipped with Red Hat Enterprise Linux are NOT affected by this flaw.\n\nFor Elasticsearch, as shipped in OpenShift Container Platform and OpenShift Logging, access to the log4j2.properties configuration is limited only to the cluster administrators and exploitation requires cluster logging changes, what reduced the impact of this vulnerability significantly [0].\n\n[0] https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476#update-jan-6-5", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "EAP 7.4.4 release" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44832" }, { "category": "external", "summary": "RHBZ#2035951", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035951" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44832", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44832" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44832", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44832" }, { "category": "external", "summary": "https://issues.apache.org/jira/browse/LOG4J2-3293", "url": "https://issues.apache.org/jira/browse/LOG4J2-3293" } ], "release_date": "2021-12-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-11T13:00:49+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "EAP 7.4.4 release" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1299" }, { "category": "workaround", "details": "As per upstream:\n- In prior releases confirm that if the JDBC Appender is being used it is not configured to use any protocol other than Java.\n- Note that only the log4j-core JAR file is impacted by this vulnerability. Applications using only the log4j-api JAR file without the log4j-core JAR file are not impacted by this vulnerability.", "product_ids": [ "EAP 7.4.4 release" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "EAP 7.4.4 release" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "log4j-core: remote code execution via JDBC Appender" }, { "cve": "CVE-2021-45046", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-12-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2032580" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.16.0. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input using a JNDI Lookup pattern resulting in remote code execution (RCE) in a limited number of environments.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)", "title": "Vulnerability summary" }, { "category": "other", "text": "Although we have matched Apache\u0027s CVSS score, with the exception of the scope metric which will remain unaltered at \"unchanged\"; as we believe code execution would be at the permission levels of the running JVM and not exceeding that of the original CVE-2021-44228 flaw.\n \nWe have given this vulnerability an impact rating of Moderate, this is because of the unlikely nature of log4j lookup mapping values being derived from attacker controlled values. This is not the default configuration for end-applications using log4j 2.x and would require explicit action from a privileged user (a developer or administrator) to access the vulnerability. \nIn certain non-default configurations, it was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was insufficient.\n\nThis issue affects the log4j version between 2.0 and 2.15. Log4j 1.x is NOT impacted by this vulnerability. \n\nPrerequisites to exploit this flaw are :\n\n- A remotely accessible endpoint with any protocol (HTTP, TCP, etc) that allows an attacker to send arbitrary data,\n- A log statement in the endpoint that logs the attacker controlled data.\n- Log4j configuration file should be explicitly configured to use a non-default Pattern Layout with a Context Lookup eg. ($${ctx:loginId}) \n\nIn most cases, the mitigation suggested for CVE-2021-44228 (i.e. to set the system property `log4j2.noFormatMsgLookup` to `true) does NOT mitigate this specific vulnerability. \nLog4j 2.16.0 fixes this issue by removing support for message lookup patterns and disabling JNDI functionality by default.\n\nFor Elasticsearch, as shipped in OpenShift 3.11, the \"log4j2.formatMsgNoLookups=true\" system property mitigation is sufficient as there are no included non-standard configurations that allow for exploitation:\n\nhttps://github.com/openshift/openshift-ansible/blob/release-3.11/roles/openshift_logging_elasticsearch/templates/log4j2.properties.j2\n\nhttps://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476\n\nFor CodeReady Studio the fix for this flaw is available on CodeReady Studio 12.21.3 and above versions.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "EAP 7.4.4 release" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-45046" }, { "category": "external", "summary": "RHBZ#2032580", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2032580" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-45046", "url": "https://www.cve.org/CVERecord?id=CVE-2021-45046" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-45046", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45046" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2021-44228", "url": "https://access.redhat.com/security/cve/CVE-2021-44228" }, { "category": "external", "summary": "https://logging.apache.org/log4j/2.x/security.html", "url": "https://logging.apache.org/log4j/2.x/security.html" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2021/12/14/4", "url": "https://www.openwall.com/lists/oss-security/2021/12/14/4" }, { "category": "external", "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog" } ], "release_date": "2021-12-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-11T13:00:49+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "EAP 7.4.4 release" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1299" }, { "category": "workaround", "details": "For Log4j versions up to and including 2.15.0, this issue can be mitigated by removing the JndiLookup class from the classpath (example: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class).", "product_ids": [ "EAP 7.4.4 release" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "EAP 7.4.4 release" ] } ], "threats": [ { "category": "exploit_status", "date": "2023-05-01T00:00:00+00:00", "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog" }, { "category": "impact", "details": "Low" } ], "title": "log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)" }, { "cve": "CVE-2021-45105", "cwe": { "id": "CWE-674", "name": "Uncontrolled Recursion" }, "discovery_date": "2021-12-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2034067" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Apache Log4j logging library 2.x. when the logging configuration uses a non-default Pattern Layout with a Context Lookup. Attackers with control over Thread Context Map (MDC) input data can craft malicious input data that contains a recursive lookup and can cause Denial of Service.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security has performed an analysis of this flaw and has classified the Attack Complexity(AC) as High because there are multiple factors involved which are beyond attacker\u0027s control:\n\n- The application has to use the logging configuration using a Context Map Lookup (for example, $${ctx:loginId}) which is a non-default Pattern Layout.\n- The application developer has to use the map org.apache.logging.log4j.ThreadContext in the application code and save at-least one key (for example, ThreadContext.put(\"loginId\", \"myId\");) in the ThreadContext map object.\n- Attackers must also know this saved key name in order to exploit this flaw.\n\nNote that saving keys in this map is a non-essential usage of log4j and just an optional feature provided. Refer to https://logging.apache.org/log4j/2.x/manual/lookups.html#ContextMapLookup to know more about the Context Map Lookup feature of Log4j.\n\nLog4j 1.x is not impacted by this vulnerability. Note that only the log4j-core JAR file is impacted by this vulnerability. Applications using ONLY the log4j-api JAR file without the log4j-core JAR file are NOT impacted by this vulnerability.\n\n\nDespite including a vulnerable version of Log4j 2.x, this vulnerability is not exploitable in Elasticsearch[0], as shipped in OpenShift Container Platform and OpenShift Logging. OpenShift 3.11 specifically does not contain any context lookups:\n\nhttps://github.com/openshift/openshift-ansible/blob/release-3.11/roles/openshift_logging_elasticsearch/templates/log4j2.properties.j2\n\nThis vulnerability is therefore rated Low for Elasticsearch in OpenShift Container Platform and OpenShift Logging.\n\n[0] https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476#update-december-18-4", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "EAP 7.4.4 release" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-45105" }, { "category": "external", "summary": "RHBZ#2034067", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034067" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-45105", "url": "https://www.cve.org/CVERecord?id=CVE-2021-45105" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-45105", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45105" }, { "category": "external", "summary": "https://issues.apache.org/jira/browse/LOG4J2-3230", "url": "https://issues.apache.org/jira/browse/LOG4J2-3230" }, { "category": "external", "summary": "https://logging.apache.org/log4j/2.x/security.html", "url": "https://logging.apache.org/log4j/2.x/security.html" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2021/12/19/1", "url": "https://www.openwall.com/lists/oss-security/2021/12/19/1" } ], "release_date": "2021-12-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-11T13:00:49+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "EAP 7.4.4 release" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1299" }, { "category": "workaround", "details": "For Log4j 2 versions up to and including 2.16.0, this flaw can be mitigated by:\n- In PatternLayout in the Log4j logging configuration, replace Context Lookups like ${ctx:loginId} or $${ctx:loginId} with Thread Context Map patterns (%X, %mdc, or %MDC) like %X{loginId}.\n- Otherwise, in the Log4j logging configuration, remove references to Context Lookups like ${ctx:loginId} or $${ctx:loginId} where they originate from sources external to the application such as HTTP headers or user input.", "product_ids": [ "EAP 7.4.4 release" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "EAP 7.4.4 release" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern" }, { "cve": "CVE-2022-23302", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2041949" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink", "title": "Vulnerability summary" }, { "category": "other", "text": "Note this flaw ONLY affects applications which are specifically configured to use JMSSink, which is not the default, or when the attacker has write access to the Log4j configuration for adding JMSSink to the attacker\u0027s JNDI LDAP endpoint.\n\nRed Hat Satellite bundles log4j-over-slf4j with Candlepin, however, product is not affected as it uses logback framework for logging.\n\nRed Hat Virtualization and OpenShift Container Platform in the OCP Metering stack (the Hive/Presto/Hadoop components) ship a vulnerable version of the log4j package, however JMSSink is not used. Therefore the impact of this vulnerability for these products is rated Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "EAP 7.4.4 release" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23302" }, { "category": "external", "summary": "RHBZ#2041949", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041949" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23302", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23302" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23302", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23302" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2022/01/18/3", "url": "https://www.openwall.com/lists/oss-security/2022/01/18/3" } ], "release_date": "2022-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-11T13:00:49+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "EAP 7.4.4 release" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1299" }, { "category": "workaround", "details": "These are the possible mitigations for this flaw for releases version 1.x:\n\n- Comment out or remove JMSSink in the Log4j configuration if it is used\n- Remove the JMSSink class from the server\u0027s jar files. For example:\n```\nzip -q -d log4j-*.jar org/apache/log4j/net/JMSSink.class\n```\n- Restrict access for the OS user on the platform running the application to prevent modifying the Log4j configuration by the attacker.", "product_ids": [ "EAP 7.4.4 release" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "EAP 7.4.4 release" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink" }, { "cve": "CVE-2022-23305", "cwe": { "id": "CWE-89", "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)" }, "discovery_date": "2022-01-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2041959" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Java logging library Apache Log4j in version 1.x. JDBCAppender in Log4j 1.x is vulnerable to SQL injection in untrusted data. This allows a remote attacker to run SQL statements in the database if the deployed application is configured to use JDBCAppender with certain interpolation tokens.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender", "title": "Vulnerability summary" }, { "category": "other", "text": "Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default.\n\nRed Hat Satellite bundles log4j-over-slf4j with Candlepin, however, product is not affected as it uses logback framework for logging.\n\nRed Hat Virtualization and OpenShift Container Platform in the OCP Metering stack (the Hive/Presto/Hadoop components) ship a vulnerable version of the log4j package, however JDBCAppender is not used. Therefore the impact of this vulnerability for these products is rated Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "EAP 7.4.4 release" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23305" }, { "category": "external", "summary": "RHBZ#2041959", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041959" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23305", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23305" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23305", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23305" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2022/01/18/4", "url": "https://www.openwall.com/lists/oss-security/2022/01/18/4" } ], "release_date": "2022-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-11T13:00:49+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "EAP 7.4.4 release" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1299" }, { "category": "workaround", "details": "These are the possible mitigations for this flaw for releases version 1.x:\n\n- Comment out or remove JDBCAppender in the Log4j configuration if it is used\n- Remove the JDBCAppender class from the server\u0027s jar files. For example:\n```\nzip -q -d log4j-*.jar org/apache/log4j/jdbc/JDBCAppender.class\n```", "product_ids": [ "EAP 7.4.4 release" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "EAP 7.4.4 release" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender" }, { "cve": "CVE-2022-23307", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2041967" } ], "notes": [ { "category": "description", "text": "A flaw was found in the log4j 1.x chainsaw component, where the contents of certain log entries are deserialized and possibly permit code execution. This flaw allows an attacker to send a malicious request with serialized data to the server to be deserialized when the chainsaw component is run.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j: Unsafe deserialization flaw in Chainsaw log viewer", "title": "Vulnerability summary" }, { "category": "other", "text": "Chainsaw is a standalone graphical user interface for viewing log entries in log4j. This flaw may be bypassed by using other available means to access log entries.\n\nRed Hat Satellite bundles log4j-over-slf4j with Candlepin, however, product is not affected as it uses logback framework for logging.\n\nRed Hat Virtualization ships a vulnerable version of the log4j package, however chainsaw is not part of typical use cases. An attacker looking to exploit this would need to not only be able to generate a malicious log entry, but also have the necessary access and permissions to start chainsaw on the engine node. Therefore the impact of this vulnerability for Red Hat Virtualization is rated Low.\n\nSimilar to Red Hat Virtualization in OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of log4j package, however vulnerable chainsaw component is not used by default. Therefore the impact to OCP is reduced to Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "EAP 7.4.4 release" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23307" }, { "category": "external", "summary": "RHBZ#2041967", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041967" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23307", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23307" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23307", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23307" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2022/01/18/5", "url": "https://www.openwall.com/lists/oss-security/2022/01/18/5" } ], "release_date": "2022-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-11T13:00:49+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "EAP 7.4.4 release" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1299" }, { "category": "workaround", "details": "These are the mitigations available for this flaw for log4j 1.x:\n- Avoid using Chainsaw to view logs, and instead use some other utility, especially if there is a log view available within the product itself.\n- Remove the Chainsaw classes from the log4j jar files. For example:\n```\nzip -q -d log4j-*.jar org/apache/log4j/chainsaw/*\n```\n(log4j jars may be nested in zip archives within product)", "product_ids": [ "EAP 7.4.4 release" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "EAP 7.4.4 release" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "log4j: Unsafe deserialization flaw in Chainsaw log viewer" } ] }
rhsa-2022_0227
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for OpenShift Logging (5.3.3)\n\nRed Hat Product Security has rated this update as having a security impact of\nModerate. A Common Vulnerability Scoring System (CVSS) base score, which gives\na detailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Openshift Logging Bug Fix Release (5.3.3)\n\nSecurity Fix(es):\n\n* log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)\n\n* nodejs-ua-parser-js: ReDoS via malicious User-Agent header (CVE-2021-27292)", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:0227", "url": "https://access.redhat.com/errata/RHSA-2022:0227" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "1940613", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1940613" }, { "category": "external", "summary": "2035951", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035951" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0227.json" } ], "title": "Red Hat Security Advisory: Red Hat OpenShift Enterprise Logging bug fix and security update (5.3.3)", "tracking": { "current_release_date": "2024-11-15T10:44:50+00:00", "generator": { "date": "2024-11-15T10:44:50+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2022:0227", "initial_release_date": "2022-01-20T21:40:25+00:00", "revision_history": [ { "date": "2022-01-20T21:40:25+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-01-20T21:40:25+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T10:44:50+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "OpenShift Logging 5.3", "product": { "name": "OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3", "product_identification_helper": { "cpe": "cpe:/a:redhat:logging:5.3::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift Enterprise" }, { "branches": [ { "category": "product_version", "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:74e4ae6c04abc489b90cab07c40f24f68ab7f92e366d3661ba3130ca6fa205c9_amd64", "product": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:74e4ae6c04abc489b90cab07c40f24f68ab7f92e366d3661ba3130ca6fa205c9_amd64", "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:74e4ae6c04abc489b90cab07c40f24f68ab7f92e366d3661ba3130ca6fa205c9_amd64", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:74e4ae6c04abc489b90cab07c40f24f68ab7f92e366d3661ba3130ca6fa205c9?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.3.3-3" } } }, { "category": "product_version", "name": "openshift-logging/cluster-logging-operator-bundle@sha256:1eab02e25f64839b15747d2bb8e0e6f8c3f632e9372a5ee926cde2c1e5cbc998_amd64", "product": { "name": "openshift-logging/cluster-logging-operator-bundle@sha256:1eab02e25f64839b15747d2bb8e0e6f8c3f632e9372a5ee926cde2c1e5cbc998_amd64", "product_id": "openshift-logging/cluster-logging-operator-bundle@sha256:1eab02e25f64839b15747d2bb8e0e6f8c3f632e9372a5ee926cde2c1e5cbc998_amd64", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-operator-bundle@sha256:1eab02e25f64839b15747d2bb8e0e6f8c3f632e9372a5ee926cde2c1e5cbc998?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-operator-bundle\u0026tag=v5.3.3-4" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:1e342d10db70e1b160f906c65e6caa25aa64c519dd7ae7e8233fe2fe65121207_amd64", "product": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:1e342d10db70e1b160f906c65e6caa25aa64c519dd7ae7e8233fe2fe65121207_amd64", "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:1e342d10db70e1b160f906c65e6caa25aa64c519dd7ae7e8233fe2fe65121207_amd64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:1e342d10db70e1b160f906c65e6caa25aa64c519dd7ae7e8233fe2fe65121207?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.3.3-3" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-operator-bundle@sha256:eec91dbe056a85b3a8b61c5ce4d9383e182440f5ea496fac64a22cd7920daf5f_amd64", "product": { "name": "openshift-logging/elasticsearch-operator-bundle@sha256:eec91dbe056a85b3a8b61c5ce4d9383e182440f5ea496fac64a22cd7920daf5f_amd64", "product_id": "openshift-logging/elasticsearch-operator-bundle@sha256:eec91dbe056a85b3a8b61c5ce4d9383e182440f5ea496fac64a22cd7920daf5f_amd64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-operator-bundle@sha256:eec91dbe056a85b3a8b61c5ce4d9383e182440f5ea496fac64a22cd7920daf5f?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-operator-bundle\u0026tag=v5.3.3-4" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:37eda3069f8fb47a90b0adef38e93df074dbe57821e3c306da03e2c1e267e9ed_amd64", "product": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:37eda3069f8fb47a90b0adef38e93df074dbe57821e3c306da03e2c1e267e9ed_amd64", "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:37eda3069f8fb47a90b0adef38e93df074dbe57821e3c306da03e2c1e267e9ed_amd64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:37eda3069f8fb47a90b0adef38e93df074dbe57821e3c306da03e2c1e267e9ed?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-103" } } }, { "category": "product_version", "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:25f94f0e27668fe254b7ff74731d39b7ed9f6c278c52dcf759893d9a1abe4895_amd64", "product": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:25f94f0e27668fe254b7ff74731d39b7ed9f6c278c52dcf759893d9a1abe4895_amd64", "product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:25f94f0e27668fe254b7ff74731d39b7ed9f6c278c52dcf759893d9a1abe4895_amd64", "product_identification_helper": { "purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:25f94f0e27668fe254b7ff74731d39b7ed9f6c278c52dcf759893d9a1abe4895?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.0.0-70" } } }, { "category": "product_version", "name": "openshift-logging/logging-curator5-rhel8@sha256:b722f8982018f215a0a1566a561d742f1f7d99a2b507b8a7e874f6db1a6fef08_amd64", "product": { "name": "openshift-logging/logging-curator5-rhel8@sha256:b722f8982018f215a0a1566a561d742f1f7d99a2b507b8a7e874f6db1a6fef08_amd64", "product_id": "openshift-logging/logging-curator5-rhel8@sha256:b722f8982018f215a0a1566a561d742f1f7d99a2b507b8a7e874f6db1a6fef08_amd64", "product_identification_helper": { "purl": "pkg:oci/logging-curator5-rhel8@sha256:b722f8982018f215a0a1566a561d742f1f7d99a2b507b8a7e874f6db1a6fef08?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-72" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch6-rhel8@sha256:5e2d853cc71ec673ce0f6bcc14628c2fd650a9153b8d7e5f8cd1a1b2ef36093e_amd64", "product": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:5e2d853cc71ec673ce0f6bcc14628c2fd650a9153b8d7e5f8cd1a1b2ef36093e_amd64", "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:5e2d853cc71ec673ce0f6bcc14628c2fd650a9153b8d7e5f8cd1a1b2ef36093e_amd64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch6-rhel8@sha256:5e2d853cc71ec673ce0f6bcc14628c2fd650a9153b8d7e5f8cd1a1b2ef36093e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-99" } } }, { "category": "product_version", "name": "openshift-logging/eventrouter-rhel8@sha256:956fb983f6ca0991c2d2a03f7054bd2c9881c03883e44d7b695dba475df62a29_amd64", "product": { "name": "openshift-logging/eventrouter-rhel8@sha256:956fb983f6ca0991c2d2a03f7054bd2c9881c03883e44d7b695dba475df62a29_amd64", "product_id": "openshift-logging/eventrouter-rhel8@sha256:956fb983f6ca0991c2d2a03f7054bd2c9881c03883e44d7b695dba475df62a29_amd64", "product_identification_helper": { "purl": "pkg:oci/eventrouter-rhel8@sha256:956fb983f6ca0991c2d2a03f7054bd2c9881c03883e44d7b695dba475df62a29?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.3.0-98" } } }, { "category": "product_version", "name": "openshift-logging/fluentd-rhel8@sha256:ae0cf89749b44739b6f2560c3f6527cee2606b67388a7d965dd76644a25420f5_amd64", "product": { "name": "openshift-logging/fluentd-rhel8@sha256:ae0cf89749b44739b6f2560c3f6527cee2606b67388a7d965dd76644a25420f5_amd64", "product_id": "openshift-logging/fluentd-rhel8@sha256:ae0cf89749b44739b6f2560c3f6527cee2606b67388a7d965dd76644a25420f5_amd64", "product_identification_helper": { "purl": "pkg:oci/fluentd-rhel8@sha256:ae0cf89749b44739b6f2560c3f6527cee2606b67388a7d965dd76644a25420f5?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.7.4-103" } } }, { "category": "product_version", "name": "openshift-logging/kibana6-rhel8@sha256:680c44946a899270de101bca06b22ed5b4eba0b85c1e01e21e30fc6a2740ab2d_amd64", "product": { "name": "openshift-logging/kibana6-rhel8@sha256:680c44946a899270de101bca06b22ed5b4eba0b85c1e01e21e30fc6a2740ab2d_amd64", "product_id": "openshift-logging/kibana6-rhel8@sha256:680c44946a899270de101bca06b22ed5b4eba0b85c1e01e21e30fc6a2740ab2d_amd64", "product_identification_helper": { "purl": "pkg:oci/kibana6-rhel8@sha256:680c44946a899270de101bca06b22ed5b4eba0b85c1e01e21e30fc6a2740ab2d?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-109" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:6c544de84925d0e3883a5d091c17a33362a0138271bbbda6663eb1407f98e0c5_s390x", "product": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:6c544de84925d0e3883a5d091c17a33362a0138271bbbda6663eb1407f98e0c5_s390x", "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:6c544de84925d0e3883a5d091c17a33362a0138271bbbda6663eb1407f98e0c5_s390x", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:6c544de84925d0e3883a5d091c17a33362a0138271bbbda6663eb1407f98e0c5?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.3.3-3" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:f7e2c329f04793173ae4412aa096cf86ce7225c94b059c56d8c9e7dbe71b9a19_s390x", "product": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:f7e2c329f04793173ae4412aa096cf86ce7225c94b059c56d8c9e7dbe71b9a19_s390x", "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:f7e2c329f04793173ae4412aa096cf86ce7225c94b059c56d8c9e7dbe71b9a19_s390x", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:f7e2c329f04793173ae4412aa096cf86ce7225c94b059c56d8c9e7dbe71b9a19?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.3.3-3" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:1d7fe3558d416cf1ce9cd59e68f71ac3123b1cb8a3435001d2fa356198ea821c_s390x", "product": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:1d7fe3558d416cf1ce9cd59e68f71ac3123b1cb8a3435001d2fa356198ea821c_s390x", "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:1d7fe3558d416cf1ce9cd59e68f71ac3123b1cb8a3435001d2fa356198ea821c_s390x", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:1d7fe3558d416cf1ce9cd59e68f71ac3123b1cb8a3435001d2fa356198ea821c?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-103" } } }, { "category": "product_version", "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:fd70baba0ba7a59a994ca33527ecb2575ab199daeb4ecd34581cccf0db246c59_s390x", "product": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:fd70baba0ba7a59a994ca33527ecb2575ab199daeb4ecd34581cccf0db246c59_s390x", "product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:fd70baba0ba7a59a994ca33527ecb2575ab199daeb4ecd34581cccf0db246c59_s390x", "product_identification_helper": { "purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:fd70baba0ba7a59a994ca33527ecb2575ab199daeb4ecd34581cccf0db246c59?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.0.0-70" } } }, { "category": "product_version", "name": "openshift-logging/logging-curator5-rhel8@sha256:1d900ee34e14094e24b855acfbeec3f2f3c82f3fcc07d3b4cebe5e92ea1a8fde_s390x", "product": { "name": "openshift-logging/logging-curator5-rhel8@sha256:1d900ee34e14094e24b855acfbeec3f2f3c82f3fcc07d3b4cebe5e92ea1a8fde_s390x", "product_id": "openshift-logging/logging-curator5-rhel8@sha256:1d900ee34e14094e24b855acfbeec3f2f3c82f3fcc07d3b4cebe5e92ea1a8fde_s390x", "product_identification_helper": { "purl": "pkg:oci/logging-curator5-rhel8@sha256:1d900ee34e14094e24b855acfbeec3f2f3c82f3fcc07d3b4cebe5e92ea1a8fde?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-72" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch6-rhel8@sha256:ac206b3da24eb8df95e2e3b0bec234e84b8e5ef7000234f069855b73de77d846_s390x", "product": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:ac206b3da24eb8df95e2e3b0bec234e84b8e5ef7000234f069855b73de77d846_s390x", "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:ac206b3da24eb8df95e2e3b0bec234e84b8e5ef7000234f069855b73de77d846_s390x", "product_identification_helper": { "purl": "pkg:oci/elasticsearch6-rhel8@sha256:ac206b3da24eb8df95e2e3b0bec234e84b8e5ef7000234f069855b73de77d846?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-99" } } }, { "category": "product_version", "name": "openshift-logging/eventrouter-rhel8@sha256:440473f04ef4cfd1d016063daabf011eb2ba6b9acea96312a72f215277333e53_s390x", "product": { "name": "openshift-logging/eventrouter-rhel8@sha256:440473f04ef4cfd1d016063daabf011eb2ba6b9acea96312a72f215277333e53_s390x", "product_id": "openshift-logging/eventrouter-rhel8@sha256:440473f04ef4cfd1d016063daabf011eb2ba6b9acea96312a72f215277333e53_s390x", "product_identification_helper": { "purl": "pkg:oci/eventrouter-rhel8@sha256:440473f04ef4cfd1d016063daabf011eb2ba6b9acea96312a72f215277333e53?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.3.0-98" } } }, { "category": "product_version", "name": "openshift-logging/fluentd-rhel8@sha256:4b114196ac78f93575475437a794c881fe79126f3e73fed1fe5ea9f89fcdb6c1_s390x", "product": { "name": "openshift-logging/fluentd-rhel8@sha256:4b114196ac78f93575475437a794c881fe79126f3e73fed1fe5ea9f89fcdb6c1_s390x", "product_id": "openshift-logging/fluentd-rhel8@sha256:4b114196ac78f93575475437a794c881fe79126f3e73fed1fe5ea9f89fcdb6c1_s390x", "product_identification_helper": { "purl": "pkg:oci/fluentd-rhel8@sha256:4b114196ac78f93575475437a794c881fe79126f3e73fed1fe5ea9f89fcdb6c1?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.7.4-103" } } }, { "category": "product_version", "name": "openshift-logging/kibana6-rhel8@sha256:61a6311f2ca53f6e600007bd9ffc90c7183f81db8fee8d839991565d82be5f2e_s390x", "product": { "name": "openshift-logging/kibana6-rhel8@sha256:61a6311f2ca53f6e600007bd9ffc90c7183f81db8fee8d839991565d82be5f2e_s390x", "product_id": "openshift-logging/kibana6-rhel8@sha256:61a6311f2ca53f6e600007bd9ffc90c7183f81db8fee8d839991565d82be5f2e_s390x", "product_identification_helper": { "purl": "pkg:oci/kibana6-rhel8@sha256:61a6311f2ca53f6e600007bd9ffc90c7183f81db8fee8d839991565d82be5f2e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-109" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:9f622b5daa152e2b8d94fa12defc3c08d93fddb34b1b4edbf841da5f00d7918d_ppc64le", "product": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:9f622b5daa152e2b8d94fa12defc3c08d93fddb34b1b4edbf841da5f00d7918d_ppc64le", "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:9f622b5daa152e2b8d94fa12defc3c08d93fddb34b1b4edbf841da5f00d7918d_ppc64le", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:9f622b5daa152e2b8d94fa12defc3c08d93fddb34b1b4edbf841da5f00d7918d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.3.3-3" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:1209bca75d71152af832b0e11dfee461f4c6fdbeda6b91743e637ce453702f3c_ppc64le", "product": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:1209bca75d71152af832b0e11dfee461f4c6fdbeda6b91743e637ce453702f3c_ppc64le", "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:1209bca75d71152af832b0e11dfee461f4c6fdbeda6b91743e637ce453702f3c_ppc64le", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:1209bca75d71152af832b0e11dfee461f4c6fdbeda6b91743e637ce453702f3c?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.3.3-3" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:183da02fcaa5915a0552e5c4c4716b521cb5a698590fc1f58e0cede837f52b49_ppc64le", "product": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:183da02fcaa5915a0552e5c4c4716b521cb5a698590fc1f58e0cede837f52b49_ppc64le", "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:183da02fcaa5915a0552e5c4c4716b521cb5a698590fc1f58e0cede837f52b49_ppc64le", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:183da02fcaa5915a0552e5c4c4716b521cb5a698590fc1f58e0cede837f52b49?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-103" } } }, { "category": "product_version", "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:ce82cceec1ccb2e951cc54fbc6bd1109a616034f9462b19f13dffa35902e0cef_ppc64le", "product": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:ce82cceec1ccb2e951cc54fbc6bd1109a616034f9462b19f13dffa35902e0cef_ppc64le", "product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:ce82cceec1ccb2e951cc54fbc6bd1109a616034f9462b19f13dffa35902e0cef_ppc64le", "product_identification_helper": { "purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:ce82cceec1ccb2e951cc54fbc6bd1109a616034f9462b19f13dffa35902e0cef?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.0.0-70" } } }, { "category": "product_version", "name": "openshift-logging/logging-curator5-rhel8@sha256:04cb0712418289fc446752a0c274d1036886312b7a63b54ebbeeab1421c10924_ppc64le", "product": { "name": "openshift-logging/logging-curator5-rhel8@sha256:04cb0712418289fc446752a0c274d1036886312b7a63b54ebbeeab1421c10924_ppc64le", "product_id": "openshift-logging/logging-curator5-rhel8@sha256:04cb0712418289fc446752a0c274d1036886312b7a63b54ebbeeab1421c10924_ppc64le", "product_identification_helper": { "purl": "pkg:oci/logging-curator5-rhel8@sha256:04cb0712418289fc446752a0c274d1036886312b7a63b54ebbeeab1421c10924?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-72" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch6-rhel8@sha256:a8942268c538c264d5a7950f91106c44b1a431262a7af31ed02bed79f1c22d93_ppc64le", "product": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:a8942268c538c264d5a7950f91106c44b1a431262a7af31ed02bed79f1c22d93_ppc64le", "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:a8942268c538c264d5a7950f91106c44b1a431262a7af31ed02bed79f1c22d93_ppc64le", "product_identification_helper": { "purl": "pkg:oci/elasticsearch6-rhel8@sha256:a8942268c538c264d5a7950f91106c44b1a431262a7af31ed02bed79f1c22d93?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-99" } } }, { "category": "product_version", "name": "openshift-logging/eventrouter-rhel8@sha256:b1b03c78595d10ae30b5a35983784eaea11f1f9763944b2f9938117149bdd511_ppc64le", "product": { "name": "openshift-logging/eventrouter-rhel8@sha256:b1b03c78595d10ae30b5a35983784eaea11f1f9763944b2f9938117149bdd511_ppc64le", "product_id": "openshift-logging/eventrouter-rhel8@sha256:b1b03c78595d10ae30b5a35983784eaea11f1f9763944b2f9938117149bdd511_ppc64le", "product_identification_helper": { "purl": "pkg:oci/eventrouter-rhel8@sha256:b1b03c78595d10ae30b5a35983784eaea11f1f9763944b2f9938117149bdd511?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.3.0-98" } } }, { "category": "product_version", "name": "openshift-logging/fluentd-rhel8@sha256:4cf7cc86ccb8059ee5083d6e68a413e1db804ff45e126a9f87b1d52e8dd82855_ppc64le", "product": { "name": "openshift-logging/fluentd-rhel8@sha256:4cf7cc86ccb8059ee5083d6e68a413e1db804ff45e126a9f87b1d52e8dd82855_ppc64le", "product_id": "openshift-logging/fluentd-rhel8@sha256:4cf7cc86ccb8059ee5083d6e68a413e1db804ff45e126a9f87b1d52e8dd82855_ppc64le", "product_identification_helper": { "purl": "pkg:oci/fluentd-rhel8@sha256:4cf7cc86ccb8059ee5083d6e68a413e1db804ff45e126a9f87b1d52e8dd82855?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.7.4-103" } } }, { "category": "product_version", "name": "openshift-logging/kibana6-rhel8@sha256:278eb4ecec21f235a26693b3f6c1b0cdfab5635f5a5ac51dd0540c6ab69c1316_ppc64le", "product": { "name": "openshift-logging/kibana6-rhel8@sha256:278eb4ecec21f235a26693b3f6c1b0cdfab5635f5a5ac51dd0540c6ab69c1316_ppc64le", "product_id": "openshift-logging/kibana6-rhel8@sha256:278eb4ecec21f235a26693b3f6c1b0cdfab5635f5a5ac51dd0540c6ab69c1316_ppc64le", "product_identification_helper": { "purl": "pkg:oci/kibana6-rhel8@sha256:278eb4ecec21f235a26693b3f6c1b0cdfab5635f5a5ac51dd0540c6ab69c1316?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-109" } } } ], "category": "architecture", "name": "ppc64le" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-operator-bundle@sha256:1eab02e25f64839b15747d2bb8e0e6f8c3f632e9372a5ee926cde2c1e5cbc998_amd64 as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:1eab02e25f64839b15747d2bb8e0e6f8c3f632e9372a5ee926cde2c1e5cbc998_amd64" }, "product_reference": "openshift-logging/cluster-logging-operator-bundle@sha256:1eab02e25f64839b15747d2bb8e0e6f8c3f632e9372a5ee926cde2c1e5cbc998_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:6c544de84925d0e3883a5d091c17a33362a0138271bbbda6663eb1407f98e0c5_s390x as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:6c544de84925d0e3883a5d091c17a33362a0138271bbbda6663eb1407f98e0c5_s390x" }, "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:6c544de84925d0e3883a5d091c17a33362a0138271bbbda6663eb1407f98e0c5_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:74e4ae6c04abc489b90cab07c40f24f68ab7f92e366d3661ba3130ca6fa205c9_amd64 as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:74e4ae6c04abc489b90cab07c40f24f68ab7f92e366d3661ba3130ca6fa205c9_amd64" }, "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:74e4ae6c04abc489b90cab07c40f24f68ab7f92e366d3661ba3130ca6fa205c9_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:9f622b5daa152e2b8d94fa12defc3c08d93fddb34b1b4edbf841da5f00d7918d_ppc64le as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:9f622b5daa152e2b8d94fa12defc3c08d93fddb34b1b4edbf841da5f00d7918d_ppc64le" }, "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:9f622b5daa152e2b8d94fa12defc3c08d93fddb34b1b4edbf841da5f00d7918d_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-operator-bundle@sha256:eec91dbe056a85b3a8b61c5ce4d9383e182440f5ea496fac64a22cd7920daf5f_amd64 as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:eec91dbe056a85b3a8b61c5ce4d9383e182440f5ea496fac64a22cd7920daf5f_amd64" }, "product_reference": "openshift-logging/elasticsearch-operator-bundle@sha256:eec91dbe056a85b3a8b61c5ce4d9383e182440f5ea496fac64a22cd7920daf5f_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:183da02fcaa5915a0552e5c4c4716b521cb5a698590fc1f58e0cede837f52b49_ppc64le as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:183da02fcaa5915a0552e5c4c4716b521cb5a698590fc1f58e0cede837f52b49_ppc64le" }, "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:183da02fcaa5915a0552e5c4c4716b521cb5a698590fc1f58e0cede837f52b49_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:1d7fe3558d416cf1ce9cd59e68f71ac3123b1cb8a3435001d2fa356198ea821c_s390x as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:1d7fe3558d416cf1ce9cd59e68f71ac3123b1cb8a3435001d2fa356198ea821c_s390x" }, "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:1d7fe3558d416cf1ce9cd59e68f71ac3123b1cb8a3435001d2fa356198ea821c_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:37eda3069f8fb47a90b0adef38e93df074dbe57821e3c306da03e2c1e267e9ed_amd64 as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:37eda3069f8fb47a90b0adef38e93df074dbe57821e3c306da03e2c1e267e9ed_amd64" }, "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:37eda3069f8fb47a90b0adef38e93df074dbe57821e3c306da03e2c1e267e9ed_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:1209bca75d71152af832b0e11dfee461f4c6fdbeda6b91743e637ce453702f3c_ppc64le as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:1209bca75d71152af832b0e11dfee461f4c6fdbeda6b91743e637ce453702f3c_ppc64le" }, "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:1209bca75d71152af832b0e11dfee461f4c6fdbeda6b91743e637ce453702f3c_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:1e342d10db70e1b160f906c65e6caa25aa64c519dd7ae7e8233fe2fe65121207_amd64 as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:1e342d10db70e1b160f906c65e6caa25aa64c519dd7ae7e8233fe2fe65121207_amd64" }, "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:1e342d10db70e1b160f906c65e6caa25aa64c519dd7ae7e8233fe2fe65121207_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:f7e2c329f04793173ae4412aa096cf86ce7225c94b059c56d8c9e7dbe71b9a19_s390x as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:f7e2c329f04793173ae4412aa096cf86ce7225c94b059c56d8c9e7dbe71b9a19_s390x" }, "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:f7e2c329f04793173ae4412aa096cf86ce7225c94b059c56d8c9e7dbe71b9a19_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:5e2d853cc71ec673ce0f6bcc14628c2fd650a9153b8d7e5f8cd1a1b2ef36093e_amd64 as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:5e2d853cc71ec673ce0f6bcc14628c2fd650a9153b8d7e5f8cd1a1b2ef36093e_amd64" }, "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:5e2d853cc71ec673ce0f6bcc14628c2fd650a9153b8d7e5f8cd1a1b2ef36093e_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:a8942268c538c264d5a7950f91106c44b1a431262a7af31ed02bed79f1c22d93_ppc64le as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:a8942268c538c264d5a7950f91106c44b1a431262a7af31ed02bed79f1c22d93_ppc64le" }, "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:a8942268c538c264d5a7950f91106c44b1a431262a7af31ed02bed79f1c22d93_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:ac206b3da24eb8df95e2e3b0bec234e84b8e5ef7000234f069855b73de77d846_s390x as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:ac206b3da24eb8df95e2e3b0bec234e84b8e5ef7000234f069855b73de77d846_s390x" }, "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:ac206b3da24eb8df95e2e3b0bec234e84b8e5ef7000234f069855b73de77d846_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/eventrouter-rhel8@sha256:440473f04ef4cfd1d016063daabf011eb2ba6b9acea96312a72f215277333e53_s390x as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:440473f04ef4cfd1d016063daabf011eb2ba6b9acea96312a72f215277333e53_s390x" }, "product_reference": "openshift-logging/eventrouter-rhel8@sha256:440473f04ef4cfd1d016063daabf011eb2ba6b9acea96312a72f215277333e53_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/eventrouter-rhel8@sha256:956fb983f6ca0991c2d2a03f7054bd2c9881c03883e44d7b695dba475df62a29_amd64 as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:956fb983f6ca0991c2d2a03f7054bd2c9881c03883e44d7b695dba475df62a29_amd64" }, "product_reference": "openshift-logging/eventrouter-rhel8@sha256:956fb983f6ca0991c2d2a03f7054bd2c9881c03883e44d7b695dba475df62a29_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/eventrouter-rhel8@sha256:b1b03c78595d10ae30b5a35983784eaea11f1f9763944b2f9938117149bdd511_ppc64le as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:b1b03c78595d10ae30b5a35983784eaea11f1f9763944b2f9938117149bdd511_ppc64le" }, "product_reference": "openshift-logging/eventrouter-rhel8@sha256:b1b03c78595d10ae30b5a35983784eaea11f1f9763944b2f9938117149bdd511_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/fluentd-rhel8@sha256:4b114196ac78f93575475437a794c881fe79126f3e73fed1fe5ea9f89fcdb6c1_s390x as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:4b114196ac78f93575475437a794c881fe79126f3e73fed1fe5ea9f89fcdb6c1_s390x" }, "product_reference": "openshift-logging/fluentd-rhel8@sha256:4b114196ac78f93575475437a794c881fe79126f3e73fed1fe5ea9f89fcdb6c1_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/fluentd-rhel8@sha256:4cf7cc86ccb8059ee5083d6e68a413e1db804ff45e126a9f87b1d52e8dd82855_ppc64le as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:4cf7cc86ccb8059ee5083d6e68a413e1db804ff45e126a9f87b1d52e8dd82855_ppc64le" }, "product_reference": "openshift-logging/fluentd-rhel8@sha256:4cf7cc86ccb8059ee5083d6e68a413e1db804ff45e126a9f87b1d52e8dd82855_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/fluentd-rhel8@sha256:ae0cf89749b44739b6f2560c3f6527cee2606b67388a7d965dd76644a25420f5_amd64 as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:ae0cf89749b44739b6f2560c3f6527cee2606b67388a7d965dd76644a25420f5_amd64" }, "product_reference": "openshift-logging/fluentd-rhel8@sha256:ae0cf89749b44739b6f2560c3f6527cee2606b67388a7d965dd76644a25420f5_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/kibana6-rhel8@sha256:278eb4ecec21f235a26693b3f6c1b0cdfab5635f5a5ac51dd0540c6ab69c1316_ppc64le as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:278eb4ecec21f235a26693b3f6c1b0cdfab5635f5a5ac51dd0540c6ab69c1316_ppc64le" }, "product_reference": "openshift-logging/kibana6-rhel8@sha256:278eb4ecec21f235a26693b3f6c1b0cdfab5635f5a5ac51dd0540c6ab69c1316_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/kibana6-rhel8@sha256:61a6311f2ca53f6e600007bd9ffc90c7183f81db8fee8d839991565d82be5f2e_s390x as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:61a6311f2ca53f6e600007bd9ffc90c7183f81db8fee8d839991565d82be5f2e_s390x" }, "product_reference": "openshift-logging/kibana6-rhel8@sha256:61a6311f2ca53f6e600007bd9ffc90c7183f81db8fee8d839991565d82be5f2e_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/kibana6-rhel8@sha256:680c44946a899270de101bca06b22ed5b4eba0b85c1e01e21e30fc6a2740ab2d_amd64 as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:680c44946a899270de101bca06b22ed5b4eba0b85c1e01e21e30fc6a2740ab2d_amd64" }, "product_reference": "openshift-logging/kibana6-rhel8@sha256:680c44946a899270de101bca06b22ed5b4eba0b85c1e01e21e30fc6a2740ab2d_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:25f94f0e27668fe254b7ff74731d39b7ed9f6c278c52dcf759893d9a1abe4895_amd64 as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:25f94f0e27668fe254b7ff74731d39b7ed9f6c278c52dcf759893d9a1abe4895_amd64" }, "product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:25f94f0e27668fe254b7ff74731d39b7ed9f6c278c52dcf759893d9a1abe4895_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:ce82cceec1ccb2e951cc54fbc6bd1109a616034f9462b19f13dffa35902e0cef_ppc64le as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:ce82cceec1ccb2e951cc54fbc6bd1109a616034f9462b19f13dffa35902e0cef_ppc64le" }, "product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:ce82cceec1ccb2e951cc54fbc6bd1109a616034f9462b19f13dffa35902e0cef_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:fd70baba0ba7a59a994ca33527ecb2575ab199daeb4ecd34581cccf0db246c59_s390x as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:fd70baba0ba7a59a994ca33527ecb2575ab199daeb4ecd34581cccf0db246c59_s390x" }, "product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:fd70baba0ba7a59a994ca33527ecb2575ab199daeb4ecd34581cccf0db246c59_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-curator5-rhel8@sha256:04cb0712418289fc446752a0c274d1036886312b7a63b54ebbeeab1421c10924_ppc64le as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:04cb0712418289fc446752a0c274d1036886312b7a63b54ebbeeab1421c10924_ppc64le" }, "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:04cb0712418289fc446752a0c274d1036886312b7a63b54ebbeeab1421c10924_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-curator5-rhel8@sha256:1d900ee34e14094e24b855acfbeec3f2f3c82f3fcc07d3b4cebe5e92ea1a8fde_s390x as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:1d900ee34e14094e24b855acfbeec3f2f3c82f3fcc07d3b4cebe5e92ea1a8fde_s390x" }, "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:1d900ee34e14094e24b855acfbeec3f2f3c82f3fcc07d3b4cebe5e92ea1a8fde_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-curator5-rhel8@sha256:b722f8982018f215a0a1566a561d742f1f7d99a2b507b8a7e874f6db1a6fef08_amd64 as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:b722f8982018f215a0a1566a561d742f1f7d99a2b507b8a7e874f6db1a6fef08_amd64" }, "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:b722f8982018f215a0a1566a561d742f1f7d99a2b507b8a7e874f6db1a6fef08_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-27292", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-03-17T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:1eab02e25f64839b15747d2bb8e0e6f8c3f632e9372a5ee926cde2c1e5cbc998_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:6c544de84925d0e3883a5d091c17a33362a0138271bbbda6663eb1407f98e0c5_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:74e4ae6c04abc489b90cab07c40f24f68ab7f92e366d3661ba3130ca6fa205c9_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:9f622b5daa152e2b8d94fa12defc3c08d93fddb34b1b4edbf841da5f00d7918d_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:eec91dbe056a85b3a8b61c5ce4d9383e182440f5ea496fac64a22cd7920daf5f_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:183da02fcaa5915a0552e5c4c4716b521cb5a698590fc1f58e0cede837f52b49_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:1d7fe3558d416cf1ce9cd59e68f71ac3123b1cb8a3435001d2fa356198ea821c_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:37eda3069f8fb47a90b0adef38e93df074dbe57821e3c306da03e2c1e267e9ed_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:1209bca75d71152af832b0e11dfee461f4c6fdbeda6b91743e637ce453702f3c_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:1e342d10db70e1b160f906c65e6caa25aa64c519dd7ae7e8233fe2fe65121207_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:f7e2c329f04793173ae4412aa096cf86ce7225c94b059c56d8c9e7dbe71b9a19_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:5e2d853cc71ec673ce0f6bcc14628c2fd650a9153b8d7e5f8cd1a1b2ef36093e_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:a8942268c538c264d5a7950f91106c44b1a431262a7af31ed02bed79f1c22d93_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:ac206b3da24eb8df95e2e3b0bec234e84b8e5ef7000234f069855b73de77d846_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:440473f04ef4cfd1d016063daabf011eb2ba6b9acea96312a72f215277333e53_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:956fb983f6ca0991c2d2a03f7054bd2c9881c03883e44d7b695dba475df62a29_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:b1b03c78595d10ae30b5a35983784eaea11f1f9763944b2f9938117149bdd511_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:4b114196ac78f93575475437a794c881fe79126f3e73fed1fe5ea9f89fcdb6c1_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:4cf7cc86ccb8059ee5083d6e68a413e1db804ff45e126a9f87b1d52e8dd82855_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:ae0cf89749b44739b6f2560c3f6527cee2606b67388a7d965dd76644a25420f5_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:25f94f0e27668fe254b7ff74731d39b7ed9f6c278c52dcf759893d9a1abe4895_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:ce82cceec1ccb2e951cc54fbc6bd1109a616034f9462b19f13dffa35902e0cef_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:fd70baba0ba7a59a994ca33527ecb2575ab199daeb4ecd34581cccf0db246c59_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:04cb0712418289fc446752a0c274d1036886312b7a63b54ebbeeab1421c10924_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:1d900ee34e14094e24b855acfbeec3f2f3c82f3fcc07d3b4cebe5e92ea1a8fde_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:b722f8982018f215a0a1566a561d742f1f7d99a2b507b8a7e874f6db1a6fef08_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1940613" } ], "notes": [ { "category": "description", "text": "A regular expression denial of service (ReDoS) vulnerability was found in the npm library `ua-parser-js`. If a supplied user agent matches the `Noble` string and contains many spaces then the regex will conduct backtracking, taking an ever increasing amount of time depending on the number of spaces supplied. An attacker can use this vulnerability to potentially craft a malicious user agent resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-ua-parser-js: ReDoS via malicious User-Agent header", "title": "Vulnerability summary" }, { "category": "other", "text": "While some components do package a vulnerable version of ua-parser-js, access to them requires OpenShift OAuth credentials and hence have been marked with a Low impact. This applies to the following products:\n - OpenShift Container Platform (OCP)\n - OpenShift ServiceMesh (OSSM) \n - Red Hat OpenShift Jaeger (RHOSJ)\n - Red Hat OpenShift Logging\n\nThe OCP presto-container does ship the vulnerable component, however since OCP 4.6 the Metering product has been deprecated [1], set as wont-fix and may be fixed in a future release.\n\nRed Hat Advanced Cluster Management for Kubernetes (RHACM) ships graphql-tools that pulls 0.7.23 version of ua-parser-js that uses the affected code.\n\n[1] - https://access.redhat.com/solutions/5707561", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:278eb4ecec21f235a26693b3f6c1b0cdfab5635f5a5ac51dd0540c6ab69c1316_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:61a6311f2ca53f6e600007bd9ffc90c7183f81db8fee8d839991565d82be5f2e_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:680c44946a899270de101bca06b22ed5b4eba0b85c1e01e21e30fc6a2740ab2d_amd64" ], "known_not_affected": [ "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:1eab02e25f64839b15747d2bb8e0e6f8c3f632e9372a5ee926cde2c1e5cbc998_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:6c544de84925d0e3883a5d091c17a33362a0138271bbbda6663eb1407f98e0c5_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:74e4ae6c04abc489b90cab07c40f24f68ab7f92e366d3661ba3130ca6fa205c9_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:9f622b5daa152e2b8d94fa12defc3c08d93fddb34b1b4edbf841da5f00d7918d_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:eec91dbe056a85b3a8b61c5ce4d9383e182440f5ea496fac64a22cd7920daf5f_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:183da02fcaa5915a0552e5c4c4716b521cb5a698590fc1f58e0cede837f52b49_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:1d7fe3558d416cf1ce9cd59e68f71ac3123b1cb8a3435001d2fa356198ea821c_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:37eda3069f8fb47a90b0adef38e93df074dbe57821e3c306da03e2c1e267e9ed_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:1209bca75d71152af832b0e11dfee461f4c6fdbeda6b91743e637ce453702f3c_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:1e342d10db70e1b160f906c65e6caa25aa64c519dd7ae7e8233fe2fe65121207_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:f7e2c329f04793173ae4412aa096cf86ce7225c94b059c56d8c9e7dbe71b9a19_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:5e2d853cc71ec673ce0f6bcc14628c2fd650a9153b8d7e5f8cd1a1b2ef36093e_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:a8942268c538c264d5a7950f91106c44b1a431262a7af31ed02bed79f1c22d93_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:ac206b3da24eb8df95e2e3b0bec234e84b8e5ef7000234f069855b73de77d846_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:440473f04ef4cfd1d016063daabf011eb2ba6b9acea96312a72f215277333e53_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:956fb983f6ca0991c2d2a03f7054bd2c9881c03883e44d7b695dba475df62a29_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:b1b03c78595d10ae30b5a35983784eaea11f1f9763944b2f9938117149bdd511_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:4b114196ac78f93575475437a794c881fe79126f3e73fed1fe5ea9f89fcdb6c1_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:4cf7cc86ccb8059ee5083d6e68a413e1db804ff45e126a9f87b1d52e8dd82855_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:ae0cf89749b44739b6f2560c3f6527cee2606b67388a7d965dd76644a25420f5_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:25f94f0e27668fe254b7ff74731d39b7ed9f6c278c52dcf759893d9a1abe4895_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:ce82cceec1ccb2e951cc54fbc6bd1109a616034f9462b19f13dffa35902e0cef_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:fd70baba0ba7a59a994ca33527ecb2575ab199daeb4ecd34581cccf0db246c59_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:04cb0712418289fc446752a0c274d1036886312b7a63b54ebbeeab1421c10924_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:1d900ee34e14094e24b855acfbeec3f2f3c82f3fcc07d3b4cebe5e92ea1a8fde_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:b722f8982018f215a0a1566a561d742f1f7d99a2b507b8a7e874f6db1a6fef08_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-27292" }, { "category": "external", "summary": "RHBZ#1940613", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1940613" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-27292", "url": "https://www.cve.org/CVERecord?id=CVE-2021-27292" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-27292", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27292" }, { "category": "external", "summary": "https://gist.github.com/b-c-ds/6941d80d6b4e694df4bc269493b7be76", "url": "https://gist.github.com/b-c-ds/6941d80d6b4e694df4bc269493b7be76" } ], "release_date": "2021-02-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-01-20T21:40:25+00:00", "details": "For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nFor Red Hat OpenShift Logging 5.3, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html", "product_ids": [ "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:278eb4ecec21f235a26693b3f6c1b0cdfab5635f5a5ac51dd0540c6ab69c1316_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:61a6311f2ca53f6e600007bd9ffc90c7183f81db8fee8d839991565d82be5f2e_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:680c44946a899270de101bca06b22ed5b4eba0b85c1e01e21e30fc6a2740ab2d_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0227" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:278eb4ecec21f235a26693b3f6c1b0cdfab5635f5a5ac51dd0540c6ab69c1316_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:61a6311f2ca53f6e600007bd9ffc90c7183f81db8fee8d839991565d82be5f2e_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:680c44946a899270de101bca06b22ed5b4eba0b85c1e01e21e30fc6a2740ab2d_amd64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "nodejs-ua-parser-js: ReDoS via malicious User-Agent header" }, { "cve": "CVE-2021-44832", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-12-28T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:1eab02e25f64839b15747d2bb8e0e6f8c3f632e9372a5ee926cde2c1e5cbc998_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:6c544de84925d0e3883a5d091c17a33362a0138271bbbda6663eb1407f98e0c5_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:74e4ae6c04abc489b90cab07c40f24f68ab7f92e366d3661ba3130ca6fa205c9_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:9f622b5daa152e2b8d94fa12defc3c08d93fddb34b1b4edbf841da5f00d7918d_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:eec91dbe056a85b3a8b61c5ce4d9383e182440f5ea496fac64a22cd7920daf5f_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:183da02fcaa5915a0552e5c4c4716b521cb5a698590fc1f58e0cede837f52b49_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:1d7fe3558d416cf1ce9cd59e68f71ac3123b1cb8a3435001d2fa356198ea821c_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:37eda3069f8fb47a90b0adef38e93df074dbe57821e3c306da03e2c1e267e9ed_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:1209bca75d71152af832b0e11dfee461f4c6fdbeda6b91743e637ce453702f3c_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:1e342d10db70e1b160f906c65e6caa25aa64c519dd7ae7e8233fe2fe65121207_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:f7e2c329f04793173ae4412aa096cf86ce7225c94b059c56d8c9e7dbe71b9a19_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:440473f04ef4cfd1d016063daabf011eb2ba6b9acea96312a72f215277333e53_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:956fb983f6ca0991c2d2a03f7054bd2c9881c03883e44d7b695dba475df62a29_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:b1b03c78595d10ae30b5a35983784eaea11f1f9763944b2f9938117149bdd511_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:4b114196ac78f93575475437a794c881fe79126f3e73fed1fe5ea9f89fcdb6c1_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:4cf7cc86ccb8059ee5083d6e68a413e1db804ff45e126a9f87b1d52e8dd82855_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:ae0cf89749b44739b6f2560c3f6527cee2606b67388a7d965dd76644a25420f5_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:278eb4ecec21f235a26693b3f6c1b0cdfab5635f5a5ac51dd0540c6ab69c1316_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:61a6311f2ca53f6e600007bd9ffc90c7183f81db8fee8d839991565d82be5f2e_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:680c44946a899270de101bca06b22ed5b4eba0b85c1e01e21e30fc6a2740ab2d_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:25f94f0e27668fe254b7ff74731d39b7ed9f6c278c52dcf759893d9a1abe4895_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:ce82cceec1ccb2e951cc54fbc6bd1109a616034f9462b19f13dffa35902e0cef_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:fd70baba0ba7a59a994ca33527ecb2575ab199daeb4ecd34581cccf0db246c59_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:04cb0712418289fc446752a0c274d1036886312b7a63b54ebbeeab1421c10924_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:1d900ee34e14094e24b855acfbeec3f2f3c82f3fcc07d3b4cebe5e92ea1a8fde_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:b722f8982018f215a0a1566a561d742f1f7d99a2b507b8a7e874f6db1a6fef08_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2035951" } ], "notes": [ { "category": "description", "text": "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j-core: remote code execution via JDBC Appender", "title": "Vulnerability summary" }, { "category": "other", "text": "Log4j 1.x is not impacted by this vulnerability. Therefore versions of log4j shipped with Red Hat Enterprise Linux are NOT affected by this flaw.\n\nFor Elasticsearch, as shipped in OpenShift Container Platform and OpenShift Logging, access to the log4j2.properties configuration is limited only to the cluster administrators and exploitation requires cluster logging changes, what reduced the impact of this vulnerability significantly [0].\n\n[0] https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476#update-jan-6-5", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:5e2d853cc71ec673ce0f6bcc14628c2fd650a9153b8d7e5f8cd1a1b2ef36093e_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:a8942268c538c264d5a7950f91106c44b1a431262a7af31ed02bed79f1c22d93_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:ac206b3da24eb8df95e2e3b0bec234e84b8e5ef7000234f069855b73de77d846_s390x" ], "known_not_affected": [ "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:1eab02e25f64839b15747d2bb8e0e6f8c3f632e9372a5ee926cde2c1e5cbc998_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:6c544de84925d0e3883a5d091c17a33362a0138271bbbda6663eb1407f98e0c5_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:74e4ae6c04abc489b90cab07c40f24f68ab7f92e366d3661ba3130ca6fa205c9_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:9f622b5daa152e2b8d94fa12defc3c08d93fddb34b1b4edbf841da5f00d7918d_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:eec91dbe056a85b3a8b61c5ce4d9383e182440f5ea496fac64a22cd7920daf5f_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:183da02fcaa5915a0552e5c4c4716b521cb5a698590fc1f58e0cede837f52b49_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:1d7fe3558d416cf1ce9cd59e68f71ac3123b1cb8a3435001d2fa356198ea821c_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:37eda3069f8fb47a90b0adef38e93df074dbe57821e3c306da03e2c1e267e9ed_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:1209bca75d71152af832b0e11dfee461f4c6fdbeda6b91743e637ce453702f3c_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:1e342d10db70e1b160f906c65e6caa25aa64c519dd7ae7e8233fe2fe65121207_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:f7e2c329f04793173ae4412aa096cf86ce7225c94b059c56d8c9e7dbe71b9a19_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:440473f04ef4cfd1d016063daabf011eb2ba6b9acea96312a72f215277333e53_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:956fb983f6ca0991c2d2a03f7054bd2c9881c03883e44d7b695dba475df62a29_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:b1b03c78595d10ae30b5a35983784eaea11f1f9763944b2f9938117149bdd511_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:4b114196ac78f93575475437a794c881fe79126f3e73fed1fe5ea9f89fcdb6c1_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:4cf7cc86ccb8059ee5083d6e68a413e1db804ff45e126a9f87b1d52e8dd82855_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:ae0cf89749b44739b6f2560c3f6527cee2606b67388a7d965dd76644a25420f5_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:278eb4ecec21f235a26693b3f6c1b0cdfab5635f5a5ac51dd0540c6ab69c1316_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:61a6311f2ca53f6e600007bd9ffc90c7183f81db8fee8d839991565d82be5f2e_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:680c44946a899270de101bca06b22ed5b4eba0b85c1e01e21e30fc6a2740ab2d_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:25f94f0e27668fe254b7ff74731d39b7ed9f6c278c52dcf759893d9a1abe4895_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:ce82cceec1ccb2e951cc54fbc6bd1109a616034f9462b19f13dffa35902e0cef_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:fd70baba0ba7a59a994ca33527ecb2575ab199daeb4ecd34581cccf0db246c59_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:04cb0712418289fc446752a0c274d1036886312b7a63b54ebbeeab1421c10924_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:1d900ee34e14094e24b855acfbeec3f2f3c82f3fcc07d3b4cebe5e92ea1a8fde_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:b722f8982018f215a0a1566a561d742f1f7d99a2b507b8a7e874f6db1a6fef08_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44832" }, { "category": "external", "summary": "RHBZ#2035951", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035951" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44832", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44832" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44832", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44832" }, { "category": "external", "summary": "https://issues.apache.org/jira/browse/LOG4J2-3293", "url": "https://issues.apache.org/jira/browse/LOG4J2-3293" } ], "release_date": "2021-12-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-01-20T21:40:25+00:00", "details": "For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nFor Red Hat OpenShift Logging 5.3, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html", "product_ids": [ "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:5e2d853cc71ec673ce0f6bcc14628c2fd650a9153b8d7e5f8cd1a1b2ef36093e_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:a8942268c538c264d5a7950f91106c44b1a431262a7af31ed02bed79f1c22d93_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:ac206b3da24eb8df95e2e3b0bec234e84b8e5ef7000234f069855b73de77d846_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0227" }, { "category": "workaround", "details": "As per upstream:\n- In prior releases confirm that if the JDBC Appender is being used it is not configured to use any protocol other than Java.\n- Note that only the log4j-core JAR file is impacted by this vulnerability. Applications using only the log4j-api JAR file without the log4j-core JAR file are not impacted by this vulnerability.", "product_ids": [ "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:1eab02e25f64839b15747d2bb8e0e6f8c3f632e9372a5ee926cde2c1e5cbc998_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:6c544de84925d0e3883a5d091c17a33362a0138271bbbda6663eb1407f98e0c5_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:74e4ae6c04abc489b90cab07c40f24f68ab7f92e366d3661ba3130ca6fa205c9_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:9f622b5daa152e2b8d94fa12defc3c08d93fddb34b1b4edbf841da5f00d7918d_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:eec91dbe056a85b3a8b61c5ce4d9383e182440f5ea496fac64a22cd7920daf5f_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:183da02fcaa5915a0552e5c4c4716b521cb5a698590fc1f58e0cede837f52b49_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:1d7fe3558d416cf1ce9cd59e68f71ac3123b1cb8a3435001d2fa356198ea821c_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:37eda3069f8fb47a90b0adef38e93df074dbe57821e3c306da03e2c1e267e9ed_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:1209bca75d71152af832b0e11dfee461f4c6fdbeda6b91743e637ce453702f3c_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:1e342d10db70e1b160f906c65e6caa25aa64c519dd7ae7e8233fe2fe65121207_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:f7e2c329f04793173ae4412aa096cf86ce7225c94b059c56d8c9e7dbe71b9a19_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:5e2d853cc71ec673ce0f6bcc14628c2fd650a9153b8d7e5f8cd1a1b2ef36093e_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:a8942268c538c264d5a7950f91106c44b1a431262a7af31ed02bed79f1c22d93_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:ac206b3da24eb8df95e2e3b0bec234e84b8e5ef7000234f069855b73de77d846_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:440473f04ef4cfd1d016063daabf011eb2ba6b9acea96312a72f215277333e53_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:956fb983f6ca0991c2d2a03f7054bd2c9881c03883e44d7b695dba475df62a29_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:b1b03c78595d10ae30b5a35983784eaea11f1f9763944b2f9938117149bdd511_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:4b114196ac78f93575475437a794c881fe79126f3e73fed1fe5ea9f89fcdb6c1_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:4cf7cc86ccb8059ee5083d6e68a413e1db804ff45e126a9f87b1d52e8dd82855_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:ae0cf89749b44739b6f2560c3f6527cee2606b67388a7d965dd76644a25420f5_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:278eb4ecec21f235a26693b3f6c1b0cdfab5635f5a5ac51dd0540c6ab69c1316_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:61a6311f2ca53f6e600007bd9ffc90c7183f81db8fee8d839991565d82be5f2e_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:680c44946a899270de101bca06b22ed5b4eba0b85c1e01e21e30fc6a2740ab2d_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:25f94f0e27668fe254b7ff74731d39b7ed9f6c278c52dcf759893d9a1abe4895_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:ce82cceec1ccb2e951cc54fbc6bd1109a616034f9462b19f13dffa35902e0cef_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:fd70baba0ba7a59a994ca33527ecb2575ab199daeb4ecd34581cccf0db246c59_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:04cb0712418289fc446752a0c274d1036886312b7a63b54ebbeeab1421c10924_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:1d900ee34e14094e24b855acfbeec3f2f3c82f3fcc07d3b4cebe5e92ea1a8fde_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:b722f8982018f215a0a1566a561d742f1f7d99a2b507b8a7e874f6db1a6fef08_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:5e2d853cc71ec673ce0f6bcc14628c2fd650a9153b8d7e5f8cd1a1b2ef36093e_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:a8942268c538c264d5a7950f91106c44b1a431262a7af31ed02bed79f1c22d93_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:ac206b3da24eb8df95e2e3b0bec234e84b8e5ef7000234f069855b73de77d846_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "log4j-core: remote code execution via JDBC Appender" } ] }
rhsa-2022_0223
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A minor version update (from 1.6.2 to 1.6.3) is now available for Red Hat Integration Camel K that includes bug fixes. The purpose of this text-only errata is to inform you about the security issues fixed in this release.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "A minor version update (from 1.6.2 to 1.6.3) is now available for Red Hat Camel K that includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)\n\n* log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228) (CVE-2021-45046)\n\n* log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern (CVE-2021-45105)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:0223", "url": "https://access.redhat.com/errata/RHSA-2022:0223" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=red.hat.integration\u0026version=2022-Q1", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=red.hat.integration\u0026version=2022-Q1" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_integration/2022.q1", "url": "https://access.redhat.com/documentation/en-us/red_hat_integration/2022.q1" }, { "category": "external", "summary": "2032580", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2032580" }, { "category": "external", "summary": "2034067", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034067" }, { "category": "external", "summary": "2035951", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035951" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0223.json" } ], "title": "Red Hat Security Advisory: Red Hat Integration Camel-K 1.6.3 release and security update", "tracking": { "current_release_date": "2024-11-15T10:44:58+00:00", "generator": { "date": "2024-11-15T10:44:58+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2022:0223", "initial_release_date": "2022-01-20T18:55:14+00:00", "revision_history": [ { "date": "2022-01-20T18:55:14+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-01-20T18:55:14+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T10:44:58+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Integration Camel-K 1.6.3", "product": { "name": "Red Hat Integration Camel-K 1.6.3", "product_id": "Red Hat Integration Camel-K 1.6.3", "product_identification_helper": { "cpe": "cpe:/a:redhat:integration:1" } } } ], "category": "product_family", "name": "Red Hat Integration" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-44832", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-12-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2035951" } ], "notes": [ { "category": "description", "text": "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j-core: remote code execution via JDBC Appender", "title": "Vulnerability summary" }, { "category": "other", "text": "Log4j 1.x is not impacted by this vulnerability. Therefore versions of log4j shipped with Red Hat Enterprise Linux are NOT affected by this flaw.\n\nFor Elasticsearch, as shipped in OpenShift Container Platform and OpenShift Logging, access to the log4j2.properties configuration is limited only to the cluster administrators and exploitation requires cluster logging changes, what reduced the impact of this vulnerability significantly [0].\n\n[0] https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476#update-jan-6-5", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Integration Camel-K 1.6.3" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44832" }, { "category": "external", "summary": "RHBZ#2035951", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035951" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44832", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44832" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44832", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44832" }, { "category": "external", "summary": "https://issues.apache.org/jira/browse/LOG4J2-3293", "url": "https://issues.apache.org/jira/browse/LOG4J2-3293" } ], "release_date": "2021-12-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-01-20T18:55:14+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Integration Camel-K 1.6.3" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0223" }, { "category": "workaround", "details": "As per upstream:\n- In prior releases confirm that if the JDBC Appender is being used it is not configured to use any protocol other than Java.\n- Note that only the log4j-core JAR file is impacted by this vulnerability. Applications using only the log4j-api JAR file without the log4j-core JAR file are not impacted by this vulnerability.", "product_ids": [ "Red Hat Integration Camel-K 1.6.3" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Integration Camel-K 1.6.3" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "log4j-core: remote code execution via JDBC Appender" }, { "cve": "CVE-2021-45046", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-12-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2032580" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.16.0. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input using a JNDI Lookup pattern resulting in remote code execution (RCE) in a limited number of environments.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)", "title": "Vulnerability summary" }, { "category": "other", "text": "Although we have matched Apache\u0027s CVSS score, with the exception of the scope metric which will remain unaltered at \"unchanged\"; as we believe code execution would be at the permission levels of the running JVM and not exceeding that of the original CVE-2021-44228 flaw.\n \nWe have given this vulnerability an impact rating of Moderate, this is because of the unlikely nature of log4j lookup mapping values being derived from attacker controlled values. This is not the default configuration for end-applications using log4j 2.x and would require explicit action from a privileged user (a developer or administrator) to access the vulnerability. \nIn certain non-default configurations, it was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was insufficient.\n\nThis issue affects the log4j version between 2.0 and 2.15. Log4j 1.x is NOT impacted by this vulnerability. \n\nPrerequisites to exploit this flaw are :\n\n- A remotely accessible endpoint with any protocol (HTTP, TCP, etc) that allows an attacker to send arbitrary data,\n- A log statement in the endpoint that logs the attacker controlled data.\n- Log4j configuration file should be explicitly configured to use a non-default Pattern Layout with a Context Lookup eg. ($${ctx:loginId}) \n\nIn most cases, the mitigation suggested for CVE-2021-44228 (i.e. to set the system property `log4j2.noFormatMsgLookup` to `true) does NOT mitigate this specific vulnerability. \nLog4j 2.16.0 fixes this issue by removing support for message lookup patterns and disabling JNDI functionality by default.\n\nFor Elasticsearch, as shipped in OpenShift 3.11, the \"log4j2.formatMsgNoLookups=true\" system property mitigation is sufficient as there are no included non-standard configurations that allow for exploitation:\n\nhttps://github.com/openshift/openshift-ansible/blob/release-3.11/roles/openshift_logging_elasticsearch/templates/log4j2.properties.j2\n\nhttps://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476\n\nFor CodeReady Studio the fix for this flaw is available on CodeReady Studio 12.21.3 and above versions.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Integration Camel-K 1.6.3" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-45046" }, { "category": "external", "summary": "RHBZ#2032580", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2032580" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-45046", "url": "https://www.cve.org/CVERecord?id=CVE-2021-45046" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-45046", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45046" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2021-44228", "url": "https://access.redhat.com/security/cve/CVE-2021-44228" }, { "category": "external", "summary": "https://logging.apache.org/log4j/2.x/security.html", "url": "https://logging.apache.org/log4j/2.x/security.html" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2021/12/14/4", "url": "https://www.openwall.com/lists/oss-security/2021/12/14/4" }, { "category": "external", "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog" } ], "release_date": "2021-12-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-01-20T18:55:14+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Integration Camel-K 1.6.3" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0223" }, { "category": "workaround", "details": "For Log4j versions up to and including 2.15.0, this issue can be mitigated by removing the JndiLookup class from the classpath (example: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class).", "product_ids": [ "Red Hat Integration Camel-K 1.6.3" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Integration Camel-K 1.6.3" ] } ], "threats": [ { "category": "exploit_status", "date": "2023-05-01T00:00:00+00:00", "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog" }, { "category": "impact", "details": "Moderate" } ], "title": "log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)" }, { "cve": "CVE-2021-45105", "cwe": { "id": "CWE-674", "name": "Uncontrolled Recursion" }, "discovery_date": "2021-12-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2034067" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Apache Log4j logging library 2.x. when the logging configuration uses a non-default Pattern Layout with a Context Lookup. Attackers with control over Thread Context Map (MDC) input data can craft malicious input data that contains a recursive lookup and can cause Denial of Service.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security has performed an analysis of this flaw and has classified the Attack Complexity(AC) as High because there are multiple factors involved which are beyond attacker\u0027s control:\n\n- The application has to use the logging configuration using a Context Map Lookup (for example, $${ctx:loginId}) which is a non-default Pattern Layout.\n- The application developer has to use the map org.apache.logging.log4j.ThreadContext in the application code and save at-least one key (for example, ThreadContext.put(\"loginId\", \"myId\");) in the ThreadContext map object.\n- Attackers must also know this saved key name in order to exploit this flaw.\n\nNote that saving keys in this map is a non-essential usage of log4j and just an optional feature provided. Refer to https://logging.apache.org/log4j/2.x/manual/lookups.html#ContextMapLookup to know more about the Context Map Lookup feature of Log4j.\n\nLog4j 1.x is not impacted by this vulnerability. Note that only the log4j-core JAR file is impacted by this vulnerability. Applications using ONLY the log4j-api JAR file without the log4j-core JAR file are NOT impacted by this vulnerability.\n\n\nDespite including a vulnerable version of Log4j 2.x, this vulnerability is not exploitable in Elasticsearch[0], as shipped in OpenShift Container Platform and OpenShift Logging. OpenShift 3.11 specifically does not contain any context lookups:\n\nhttps://github.com/openshift/openshift-ansible/blob/release-3.11/roles/openshift_logging_elasticsearch/templates/log4j2.properties.j2\n\nThis vulnerability is therefore rated Low for Elasticsearch in OpenShift Container Platform and OpenShift Logging.\n\n[0] https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476#update-december-18-4", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Integration Camel-K 1.6.3" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-45105" }, { "category": "external", "summary": "RHBZ#2034067", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034067" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-45105", "url": "https://www.cve.org/CVERecord?id=CVE-2021-45105" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-45105", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45105" }, { "category": "external", "summary": "https://issues.apache.org/jira/browse/LOG4J2-3230", "url": "https://issues.apache.org/jira/browse/LOG4J2-3230" }, { "category": "external", "summary": "https://logging.apache.org/log4j/2.x/security.html", "url": "https://logging.apache.org/log4j/2.x/security.html" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2021/12/19/1", "url": "https://www.openwall.com/lists/oss-security/2021/12/19/1" } ], "release_date": "2021-12-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-01-20T18:55:14+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Integration Camel-K 1.6.3" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0223" }, { "category": "workaround", "details": "For Log4j 2 versions up to and including 2.16.0, this flaw can be mitigated by:\n- In PatternLayout in the Log4j logging configuration, replace Context Lookups like ${ctx:loginId} or $${ctx:loginId} with Thread Context Map patterns (%X, %mdc, or %MDC) like %X{loginId}.\n- Otherwise, in the Log4j logging configuration, remove references to Context Lookups like ${ctx:loginId} or $${ctx:loginId} where they originate from sources external to the application such as HTTP headers or user input.", "product_ids": [ "Red Hat Integration Camel-K 1.6.3" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Integration Camel-K 1.6.3" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern" } ] }
rhsa-2022_1297
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Low" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.3 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.4 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender (CVE-2022-23305)\n\n* log4j: Unsafe deserialization flaw in Chainsaw log viewer (CVE-2022-23307)\n\n* log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender (CVE-2021-4104)\n\n* log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)\n\n* log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228) (CVE-2021-45046)\n\n* log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern (CVE-2021-45105)\n\n* log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink (CVE-2022-23302)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:1297", "url": "https://access.redhat.com/errata/RHSA-2022:1297" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#low", "url": "https://access.redhat.com/security/updates/classification/#low" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/" }, { "category": "external", "summary": "2031667", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031667" }, { "category": "external", "summary": "2032580", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2032580" }, { "category": "external", "summary": "2034067", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034067" }, { "category": "external", "summary": "2035951", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035951" }, { "category": "external", "summary": "2041949", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041949" }, { "category": "external", "summary": "2041959", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041959" }, { "category": "external", "summary": "2041967", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041967" }, { "category": "external", "summary": "JBEAP-22105", "url": "https://issues.redhat.com/browse/JBEAP-22105" }, { "category": "external", "summary": "JBEAP-22385", "url": "https://issues.redhat.com/browse/JBEAP-22385" }, { "category": "external", "summary": "JBEAP-22731", "url": "https://issues.redhat.com/browse/JBEAP-22731" }, { "category": "external", "summary": "JBEAP-22738", "url": "https://issues.redhat.com/browse/JBEAP-22738" }, { "category": "external", "summary": "JBEAP-22819", "url": "https://issues.redhat.com/browse/JBEAP-22819" }, { "category": "external", "summary": "JBEAP-22839", "url": "https://issues.redhat.com/browse/JBEAP-22839" }, { "category": "external", "summary": "JBEAP-22864", "url": "https://issues.redhat.com/browse/JBEAP-22864" }, { "category": "external", "summary": "JBEAP-22900", "url": "https://issues.redhat.com/browse/JBEAP-22900" }, { "category": "external", "summary": "JBEAP-22904", "url": "https://issues.redhat.com/browse/JBEAP-22904" }, { "category": "external", "summary": "JBEAP-22911", "url": "https://issues.redhat.com/browse/JBEAP-22911" }, { "category": "external", "summary": "JBEAP-22912", "url": "https://issues.redhat.com/browse/JBEAP-22912" }, { "category": "external", "summary": "JBEAP-22913", "url": "https://issues.redhat.com/browse/JBEAP-22913" }, { "category": "external", "summary": "JBEAP-22935", "url": "https://issues.redhat.com/browse/JBEAP-22935" }, { "category": "external", "summary": "JBEAP-22945", "url": "https://issues.redhat.com/browse/JBEAP-22945" }, { "category": "external", "summary": "JBEAP-22973", "url": "https://issues.redhat.com/browse/JBEAP-22973" }, { "category": "external", "summary": "JBEAP-23038", "url": "https://issues.redhat.com/browse/JBEAP-23038" }, { "category": "external", "summary": "JBEAP-23040", "url": "https://issues.redhat.com/browse/JBEAP-23040" }, { "category": "external", "summary": "JBEAP-23045", "url": "https://issues.redhat.com/browse/JBEAP-23045" }, { "category": "external", "summary": "JBEAP-23101", "url": "https://issues.redhat.com/browse/JBEAP-23101" }, { "category": "external", "summary": "JBEAP-23105", "url": "https://issues.redhat.com/browse/JBEAP-23105" }, { "category": "external", "summary": "JBEAP-23143", "url": "https://issues.redhat.com/browse/JBEAP-23143" }, { "category": "external", "summary": "JBEAP-23177", "url": "https://issues.redhat.com/browse/JBEAP-23177" }, { "category": "external", "summary": "JBEAP-23323", "url": "https://issues.redhat.com/browse/JBEAP-23323" }, { "category": "external", "summary": "JBEAP-23373", "url": "https://issues.redhat.com/browse/JBEAP-23373" }, { "category": "external", "summary": "JBEAP-23374", "url": "https://issues.redhat.com/browse/JBEAP-23374" }, { "category": "external", "summary": "JBEAP-23375", "url": "https://issues.redhat.com/browse/JBEAP-23375" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_1297.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.4 security update", "tracking": { "current_release_date": "2024-11-15T14:47:10+00:00", "generator": { "date": "2024-11-15T14:47:10+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2022:1297", "initial_release_date": "2022-04-11T13:00:18+00:00", "revision_history": [ { "date": "2022-04-11T13:00:18+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-04-11T13:00:18+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T14:47:10+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss EAP 7.4 for RHEL 8", "product": { "name": "Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.6-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.src", "product": { "name": "eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.src", "product_id": "eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-xom@1.3.7-1.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.9-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.2.16-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.src", "product": { "name": "eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.src", "product_id": "eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.25-1.Final_redhat_00002.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana@5.11.4-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.src", "product": { "name": "eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.src", "product_id": "eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-7.redhat_00034.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.src", "product": { "name": "eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.src", "product_id": "eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.11-1.Final_redhat_00002.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.src", "product": { "name": "eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.src", "product_id": "eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-objectweb-asm@9.1.0-1.redhat_00002.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan@11.0.15-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.src", "product": { "name": "eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.src", "product_id": "eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-log4j@2.17.1-1.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-vfs@3.2.16-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.src", "product": { "name": "eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.src", "product_id": "eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-yasson@1.0.10-1.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.src", "product": { "name": "eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.src", "product_id": "eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ecj@3.26.0-1.redhat_00002.1.el8eap?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jbossws-cxf@5.4.4-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.src", "product": { "name": "eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.src", "product_id": "eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl@2.2.0-3.Final_redhat_00002.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.src", "product": { "name": "eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.src", "product_id": "eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl-el8-x86_64@2.2.0-2.Final_redhat_00002.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.src", "product": { "name": "eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.src", "product_id": "eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-15.Final_redhat_00014.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.src", "product": { "name": "eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.src", "product_id": "eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.4-3.GA_redhat_00011.1.el8eap?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.6-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-xom@1.3.7-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.9-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.2.16-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "product_id": "eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.25-1.Final_redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "product_id": "eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.25-1.Final_redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "product_id": "eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.25-1.Final_redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "product_id": "eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.25-1.Final_redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "product_id": "eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.25-1.Final_redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana@5.11.4-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-compensations@5.11.4-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-jbosstxbridge@5.11.4-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-jbossxts@5.11.4-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-jts-idlj@5.11.4-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-jts-integration@5.11.4-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-restat-api@5.11.4-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-restat-bridge@5.11.4-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-restat-integration@5.11.4-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-restat-util@5.11.4-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-txframework@5.11.4-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-7.redhat_00034.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.16.0-7.redhat_00034.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.16.0-7.redhat_00034.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.16.0-7.redhat_00034.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.16.0-7.redhat_00034.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.16.0-7.redhat_00034.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.16.0-7.redhat_00034.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.16.0-7.redhat_00034.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.16.0-7.redhat_00034.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.16.0-7.redhat_00034.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.16.0-7.redhat_00034.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.16.0-7.redhat_00034.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.16.0-7.redhat_00034.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@2.16.0-7.redhat_00034.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.16.0-7.redhat_00034.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.16.0-7.redhat_00034.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "product_id": "eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.11-1.Final_redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "product_id": "eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.11-1.Final_redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.noarch", "product_id": "eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-objectweb-asm@9.1.0-1.redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan@11.0.15-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-jdbc@11.0.15-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-remote@11.0.15-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-client-hotrod@11.0.15-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-commons@11.0.15-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-component-annotations@11.0.15-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-core@11.0.15-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-commons@11.0.15-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-spi@11.0.15-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-v53@11.0.15-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-log4j@2.17.1-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-vfs@3.2.16-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-yasson@1.0.10-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.noarch", "product_id": "eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ecj@3.26.0-1.redhat_00002.1.el8eap?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jbossws-cxf@5.4.4-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "product_id": "eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl@2.2.0-3.Final_redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "product_id": "eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl-java@2.2.0-3.Final_redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-15.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-15.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-15.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "product": { "name": "eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "product_id": "eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.4-3.GA_redhat_00011.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "product": { "name": "eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "product_id": "eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.4-3.GA_redhat_00011.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "product": { "name": "eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "product_id": "eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.4-3.GA_redhat_00011.1.el8eap?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "product": { "name": "eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "product_id": "eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl-el8-x86_64@2.2.0-2.Final_redhat_00002.1.el8eap?arch=x86_64" } } }, { "category": "product_version", "name": "eap7-wildfly-openssl-el8-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "product": { "name": "eap7-wildfly-openssl-el8-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "product_id": "eap7-wildfly-openssl-el8-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl-el8-x86_64-debuginfo@2.2.0-2.Final_redhat_00002.1.el8eap?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.src" }, "product_reference": "eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.src" }, "product_reference": "eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.src" }, "product_reference": "eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.src" }, "product_reference": "eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.src" }, "product_reference": "eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.src" }, "product_reference": "eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.src" }, "product_reference": "eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.src" }, "product_reference": "eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.src" }, "product_reference": "eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64" }, "product_reference": "eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-el8-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64" }, "product_reference": "eap7-wildfly-openssl-el8-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-4104", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-12-13T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2031667" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSAppender in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if the deployed application is configured to use JMSAppender and to the attacker\u0027s JNDI LDAP endpoint.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender", "title": "Vulnerability summary" }, { "category": "other", "text": "Based on the conditions to be exploitable (see details below), the risk is much lower than Log4j 2.x and Red Hat has assessed this to be Moderate severity. This flaw has been filed for Log4j 1.x, and the corresponding flaw information for Log4j 2.x is available at: https://access.redhat.com/security/cve/CVE-2021-44228\n\nNote this flaw ONLY affects applications which are specifically configured to use JMSAppender, which is not the default, or when the attacker has write access to the Log4j configuration for adding JMSAppender to the attacker\u0027s JNDI LDAP endpoint. \n\nIf the Log4j configuration is set TopicBindingName or TopicConnectionFactoryBindingName configurations allowing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228 Log4j 2.x, Log4j 1.x is vulnerable. However, the attack vector is reduced as it depends on having write access, which is not a standard configuration rather than untrusted user input. These are sufficient factors beyond the attacker\u0027s control.\n\nThe tomcat package shipped with Red Hat Enterprise Linux does not include log4j but it does include a default configuration for log4j, log4j.properties, which could be used with tomcat if users choose to install and configure the library. The JMSAppender is not enabled by default, and the permissions of the file can only be modified as root.\n\nRed Hat Virtualization ships log4j12-1.2.17, but it is used and configured in a way which makes this flaw not possible to exploit. Therefore impact is rated Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.src" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-4104" }, { "category": "external", "summary": "RHBZ#2031667", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031667" }, { "category": "external", "summary": "RHSB-2021-009", "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-4104", "url": "https://www.cve.org/CVERecord?id=CVE-2021-4104" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-4104", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4104" }, { "category": "external", "summary": "https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126", "url": "https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126" }, { "category": "external", "summary": "https://github.com/apache/logging-log4j2/pull/608#issuecomment-991723301", "url": "https://github.com/apache/logging-log4j2/pull/608#issuecomment-991723301" }, { "category": "external", "summary": "https://lists.apache.org/thread/0x4zvtq92yggdgvwfgsftqrj4xx5w0nx", "url": "https://lists.apache.org/thread/0x4zvtq92yggdgvwfgsftqrj4xx5w0nx" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2021/12/13/1", "url": "https://www.openwall.com/lists/oss-security/2021/12/13/1" } ], "release_date": "2021-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-11T13:00:18+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1297" }, { "category": "workaround", "details": "These are the possible mitigations for this flaw for releases version 1.x:\n\n- Comment out or remove JMSAppender in the Log4j configuration if it is used\n- Remove the JMSAppender class from the classpath. For example:\n```\nzip -q -d log4j-*.jar org/apache/log4j/net/JMSAppender.class\n```\n- Restrict access for the OS user on the platform running the application to prevent modifying the Log4j configuration by the attacker.", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender" }, { "cve": "CVE-2021-44832", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-12-28T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2035951" } ], "notes": [ { "category": "description", "text": "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j-core: remote code execution via JDBC Appender", "title": "Vulnerability summary" }, { "category": "other", "text": "Log4j 1.x is not impacted by this vulnerability. Therefore versions of log4j shipped with Red Hat Enterprise Linux are NOT affected by this flaw.\n\nFor Elasticsearch, as shipped in OpenShift Container Platform and OpenShift Logging, access to the log4j2.properties configuration is limited only to the cluster administrators and exploitation requires cluster logging changes, what reduced the impact of this vulnerability significantly [0].\n\n[0] https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476#update-jan-6-5", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.src" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44832" }, { "category": "external", "summary": "RHBZ#2035951", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035951" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44832", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44832" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44832", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44832" }, { "category": "external", "summary": "https://issues.apache.org/jira/browse/LOG4J2-3293", "url": "https://issues.apache.org/jira/browse/LOG4J2-3293" } ], "release_date": "2021-12-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-11T13:00:18+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1297" }, { "category": "workaround", "details": "As per upstream:\n- In prior releases confirm that if the JDBC Appender is being used it is not configured to use any protocol other than Java.\n- Note that only the log4j-core JAR file is impacted by this vulnerability. Applications using only the log4j-api JAR file without the log4j-core JAR file are not impacted by this vulnerability.", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "log4j-core: remote code execution via JDBC Appender" }, { "cve": "CVE-2021-45046", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-12-14T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2032580" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.16.0. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input using a JNDI Lookup pattern resulting in remote code execution (RCE) in a limited number of environments.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)", "title": "Vulnerability summary" }, { "category": "other", "text": "Although we have matched Apache\u0027s CVSS score, with the exception of the scope metric which will remain unaltered at \"unchanged\"; as we believe code execution would be at the permission levels of the running JVM and not exceeding that of the original CVE-2021-44228 flaw.\n \nWe have given this vulnerability an impact rating of Moderate, this is because of the unlikely nature of log4j lookup mapping values being derived from attacker controlled values. This is not the default configuration for end-applications using log4j 2.x and would require explicit action from a privileged user (a developer or administrator) to access the vulnerability. \nIn certain non-default configurations, it was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was insufficient.\n\nThis issue affects the log4j version between 2.0 and 2.15. Log4j 1.x is NOT impacted by this vulnerability. \n\nPrerequisites to exploit this flaw are :\n\n- A remotely accessible endpoint with any protocol (HTTP, TCP, etc) that allows an attacker to send arbitrary data,\n- A log statement in the endpoint that logs the attacker controlled data.\n- Log4j configuration file should be explicitly configured to use a non-default Pattern Layout with a Context Lookup eg. ($${ctx:loginId}) \n\nIn most cases, the mitigation suggested for CVE-2021-44228 (i.e. to set the system property `log4j2.noFormatMsgLookup` to `true) does NOT mitigate this specific vulnerability. \nLog4j 2.16.0 fixes this issue by removing support for message lookup patterns and disabling JNDI functionality by default.\n\nFor Elasticsearch, as shipped in OpenShift 3.11, the \"log4j2.formatMsgNoLookups=true\" system property mitigation is sufficient as there are no included non-standard configurations that allow for exploitation:\n\nhttps://github.com/openshift/openshift-ansible/blob/release-3.11/roles/openshift_logging_elasticsearch/templates/log4j2.properties.j2\n\nhttps://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476\n\nFor CodeReady Studio the fix for this flaw is available on CodeReady Studio 12.21.3 and above versions.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.src" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-45046" }, { "category": "external", "summary": "RHBZ#2032580", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2032580" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-45046", "url": "https://www.cve.org/CVERecord?id=CVE-2021-45046" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-45046", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45046" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2021-44228", "url": "https://access.redhat.com/security/cve/CVE-2021-44228" }, { "category": "external", "summary": "https://logging.apache.org/log4j/2.x/security.html", "url": "https://logging.apache.org/log4j/2.x/security.html" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2021/12/14/4", "url": "https://www.openwall.com/lists/oss-security/2021/12/14/4" }, { "category": "external", "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog" } ], "release_date": "2021-12-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-11T13:00:18+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1297" }, { "category": "workaround", "details": "For Log4j versions up to and including 2.15.0, this issue can be mitigated by removing the JndiLookup class from the classpath (example: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class).", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "exploit_status", "date": "2023-05-01T00:00:00+00:00", "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog" }, { "category": "impact", "details": "Low" } ], "title": "log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)" }, { "cve": "CVE-2021-45105", "cwe": { "id": "CWE-674", "name": "Uncontrolled Recursion" }, "discovery_date": "2021-12-19T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2034067" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Apache Log4j logging library 2.x. when the logging configuration uses a non-default Pattern Layout with a Context Lookup. Attackers with control over Thread Context Map (MDC) input data can craft malicious input data that contains a recursive lookup and can cause Denial of Service.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security has performed an analysis of this flaw and has classified the Attack Complexity(AC) as High because there are multiple factors involved which are beyond attacker\u0027s control:\n\n- The application has to use the logging configuration using a Context Map Lookup (for example, $${ctx:loginId}) which is a non-default Pattern Layout.\n- The application developer has to use the map org.apache.logging.log4j.ThreadContext in the application code and save at-least one key (for example, ThreadContext.put(\"loginId\", \"myId\");) in the ThreadContext map object.\n- Attackers must also know this saved key name in order to exploit this flaw.\n\nNote that saving keys in this map is a non-essential usage of log4j and just an optional feature provided. Refer to https://logging.apache.org/log4j/2.x/manual/lookups.html#ContextMapLookup to know more about the Context Map Lookup feature of Log4j.\n\nLog4j 1.x is not impacted by this vulnerability. Note that only the log4j-core JAR file is impacted by this vulnerability. Applications using ONLY the log4j-api JAR file without the log4j-core JAR file are NOT impacted by this vulnerability.\n\n\nDespite including a vulnerable version of Log4j 2.x, this vulnerability is not exploitable in Elasticsearch[0], as shipped in OpenShift Container Platform and OpenShift Logging. OpenShift 3.11 specifically does not contain any context lookups:\n\nhttps://github.com/openshift/openshift-ansible/blob/release-3.11/roles/openshift_logging_elasticsearch/templates/log4j2.properties.j2\n\nThis vulnerability is therefore rated Low for Elasticsearch in OpenShift Container Platform and OpenShift Logging.\n\n[0] https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476#update-december-18-4", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.src" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-45105" }, { "category": "external", "summary": "RHBZ#2034067", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034067" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-45105", "url": "https://www.cve.org/CVERecord?id=CVE-2021-45105" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-45105", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45105" }, { "category": "external", "summary": "https://issues.apache.org/jira/browse/LOG4J2-3230", "url": "https://issues.apache.org/jira/browse/LOG4J2-3230" }, { "category": "external", "summary": "https://logging.apache.org/log4j/2.x/security.html", "url": "https://logging.apache.org/log4j/2.x/security.html" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2021/12/19/1", "url": "https://www.openwall.com/lists/oss-security/2021/12/19/1" } ], "release_date": "2021-12-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-11T13:00:18+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1297" }, { "category": "workaround", "details": "For Log4j 2 versions up to and including 2.16.0, this flaw can be mitigated by:\n- In PatternLayout in the Log4j logging configuration, replace Context Lookups like ${ctx:loginId} or $${ctx:loginId} with Thread Context Map patterns (%X, %mdc, or %MDC) like %X{loginId}.\n- Otherwise, in the Log4j logging configuration, remove references to Context Lookups like ${ctx:loginId} or $${ctx:loginId} where they originate from sources external to the application such as HTTP headers or user input.", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern" }, { "cve": "CVE-2022-23302", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-18T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2041949" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink", "title": "Vulnerability summary" }, { "category": "other", "text": "Note this flaw ONLY affects applications which are specifically configured to use JMSSink, which is not the default, or when the attacker has write access to the Log4j configuration for adding JMSSink to the attacker\u0027s JNDI LDAP endpoint.\n\nRed Hat Satellite bundles log4j-over-slf4j with Candlepin, however, product is not affected as it uses logback framework for logging.\n\nRed Hat Virtualization and OpenShift Container Platform in the OCP Metering stack (the Hive/Presto/Hadoop components) ship a vulnerable version of the log4j package, however JMSSink is not used. Therefore the impact of this vulnerability for these products is rated Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.src" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23302" }, { "category": "external", "summary": "RHBZ#2041949", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041949" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23302", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23302" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23302", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23302" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2022/01/18/3", "url": "https://www.openwall.com/lists/oss-security/2022/01/18/3" } ], "release_date": "2022-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-11T13:00:18+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1297" }, { "category": "workaround", "details": "These are the possible mitigations for this flaw for releases version 1.x:\n\n- Comment out or remove JMSSink in the Log4j configuration if it is used\n- Remove the JMSSink class from the server\u0027s jar files. For example:\n```\nzip -q -d log4j-*.jar org/apache/log4j/net/JMSSink.class\n```\n- Restrict access for the OS user on the platform running the application to prevent modifying the Log4j configuration by the attacker.", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink" }, { "cve": "CVE-2022-23305", "cwe": { "id": "CWE-89", "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)" }, "discovery_date": "2022-01-18T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2041959" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Java logging library Apache Log4j in version 1.x. JDBCAppender in Log4j 1.x is vulnerable to SQL injection in untrusted data. This allows a remote attacker to run SQL statements in the database if the deployed application is configured to use JDBCAppender with certain interpolation tokens.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender", "title": "Vulnerability summary" }, { "category": "other", "text": "Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default.\n\nRed Hat Satellite bundles log4j-over-slf4j with Candlepin, however, product is not affected as it uses logback framework for logging.\n\nRed Hat Virtualization and OpenShift Container Platform in the OCP Metering stack (the Hive/Presto/Hadoop components) ship a vulnerable version of the log4j package, however JDBCAppender is not used. Therefore the impact of this vulnerability for these products is rated Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.src" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23305" }, { "category": "external", "summary": "RHBZ#2041959", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041959" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23305", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23305" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23305", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23305" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2022/01/18/4", "url": "https://www.openwall.com/lists/oss-security/2022/01/18/4" } ], "release_date": "2022-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-11T13:00:18+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1297" }, { "category": "workaround", "details": "These are the possible mitigations for this flaw for releases version 1.x:\n\n- Comment out or remove JDBCAppender in the Log4j configuration if it is used\n- Remove the JDBCAppender class from the server\u0027s jar files. For example:\n```\nzip -q -d log4j-*.jar org/apache/log4j/jdbc/JDBCAppender.class\n```", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender" }, { "cve": "CVE-2022-23307", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-18T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2041967" } ], "notes": [ { "category": "description", "text": "A flaw was found in the log4j 1.x chainsaw component, where the contents of certain log entries are deserialized and possibly permit code execution. This flaw allows an attacker to send a malicious request with serialized data to the server to be deserialized when the chainsaw component is run.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j: Unsafe deserialization flaw in Chainsaw log viewer", "title": "Vulnerability summary" }, { "category": "other", "text": "Chainsaw is a standalone graphical user interface for viewing log entries in log4j. This flaw may be bypassed by using other available means to access log entries.\n\nRed Hat Satellite bundles log4j-over-slf4j with Candlepin, however, product is not affected as it uses logback framework for logging.\n\nRed Hat Virtualization ships a vulnerable version of the log4j package, however chainsaw is not part of typical use cases. An attacker looking to exploit this would need to not only be able to generate a malicious log entry, but also have the necessary access and permissions to start chainsaw on the engine node. Therefore the impact of this vulnerability for Red Hat Virtualization is rated Low.\n\nSimilar to Red Hat Virtualization in OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of log4j package, however vulnerable chainsaw component is not used by default. Therefore the impact to OCP is reduced to Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.src" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23307" }, { "category": "external", "summary": "RHBZ#2041967", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041967" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23307", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23307" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23307", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23307" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2022/01/18/5", "url": "https://www.openwall.com/lists/oss-security/2022/01/18/5" } ], "release_date": "2022-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-11T13:00:18+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1297" }, { "category": "workaround", "details": "These are the mitigations available for this flaw for log4j 1.x:\n- Avoid using Chainsaw to view logs, and instead use some other utility, especially if there is a log view available within the product itself.\n- Remove the Chainsaw classes from the log4j jar files. For example:\n```\nzip -q -d log4j-*.jar org/apache/log4j/chainsaw/*\n```\n(log4j jars may be nested in zip archives within product)", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "log4j: Unsafe deserialization flaw in Chainsaw log viewer" } ] }
rhsa-2022_0493
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 2023 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat OpenShift Container Platform release 4.7.43 is now available with\nupdates to packages and images that fix several bugs and add enhancements.\n\nThis release includes a security update for Red Hat OpenShift Container Platform 4.7.\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.7.43. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHSA-2022:0492\n\nSecurity Fix(es):\n\n* log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nAll OpenShift Container Platform 4.7 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:0493", "url": "https://access.redhat.com/errata/RHSA-2022:0493" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2022/rhsa-2022_0493.json" } ], "title": "Red Hat Security Advisory: OpenShift Container Platform 4.7.43 security update", "tracking": { "current_release_date": "2022-02-16T11:29:00Z", "generator": { "date": "2023-07-01T05:21:00Z", "engine": { "name": "Red Hat SDEngine", "version": "3.18.0" } }, "id": "RHSA-2022:0493", "initial_release_date": "2022-02-16T11:29:00Z", "revision_history": [ { "date": "2022-02-16T11:29:00Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift Container Platform 4.7", "product": { "name": "Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:4.7::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift Enterprise" }, { "category": "product_version", "name": "openshift4/kubernetes-nmstate-rhel8-operator:v4.7.0-202201261123.p0.g1987544.assembly.stream", "product": { "name": "openshift4/kubernetes-nmstate-rhel8-operator:v4.7.0-202201261123.p0.g1987544.assembly.stream", "product_id": "openshift4/kubernetes-nmstate-rhel8-operator:v4.7.0-202201261123.p0.g1987544.assembly.stream" } }, { "category": "product_version", "name": "openshift4/network-tools-rhel8:v4.7.0-202202011649.p0.g70c7f85.assembly.stream", "product": { "name": "openshift4/network-tools-rhel8:v4.7.0-202202011649.p0.g70c7f85.assembly.stream", "product_id": "openshift4/network-tools-rhel8:v4.7.0-202202011649.p0.g70c7f85.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-ansible-operator:v4.7.0-202201261123.p0.g2cd576d.assembly.stream", "product": { "name": "openshift4/ose-ansible-operator:v4.7.0-202201261123.p0.g2cd576d.assembly.stream", "product_id": "openshift4/ose-ansible-operator:v4.7.0-202201261123.p0.g2cd576d.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-capacity:v4.7.0-202201261123.p0.g32653a9.assembly.stream", "product": { "name": "openshift4/ose-cluster-capacity:v4.7.0-202201261123.p0.g32653a9.assembly.stream", "product_id": "openshift4/ose-cluster-capacity:v4.7.0-202201261123.p0.g32653a9.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-kube-descheduler-operator:v4.7.0-202201261123.p0.g3787d15.assembly.stream", "product": { "name": "openshift4/ose-cluster-kube-descheduler-operator:v4.7.0-202201261123.p0.g3787d15.assembly.stream", "product_id": "openshift4/ose-cluster-kube-descheduler-operator:v4.7.0-202201261123.p0.g3787d15.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.7.0-202201261123.p0.g3787d15.assembly.stream", "product": { "name": "openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.7.0-202201261123.p0.g3787d15.assembly.stream", "product_id": "openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.7.0-202201261123.p0.g3787d15.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-nfd-operator:v4.7.0-202201261123.p0.ga500af3.assembly.stream", "product": { "name": "openshift4/ose-cluster-nfd-operator:v4.7.0-202201261123.p0.ga500af3.assembly.stream", "product_id": "openshift4/ose-cluster-nfd-operator:v4.7.0-202201261123.p0.ga500af3.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-clusterresourceoverride-rhel8-operator:v4.7.0-202201261123.p0.g2945596.assembly.stream", "product": { "name": "openshift4/ose-clusterresourceoverride-rhel8-operator:v4.7.0-202201261123.p0.g2945596.assembly.stream", "product_id": "openshift4/ose-clusterresourceoverride-rhel8-operator:v4.7.0-202201261123.p0.g2945596.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-clusterresourceoverride-rhel8:v4.7.0-202201261123.p0.gd12134c.assembly.stream", "product": { "name": "openshift4/ose-clusterresourceoverride-rhel8:v4.7.0-202201261123.p0.gd12134c.assembly.stream", "product_id": "openshift4/ose-clusterresourceoverride-rhel8:v4.7.0-202201261123.p0.gd12134c.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-descheduler:v4.7.0-202201261123.p0.g7295089.assembly.stream", "product": { "name": "openshift4/ose-descheduler:v4.7.0-202201261123.p0.g7295089.assembly.stream", "product_id": "openshift4/ose-descheduler:v4.7.0-202201261123.p0.g7295089.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-egress-dns-proxy:v4.7.0-202201261123.p0.g0e45f63.assembly.stream", "product": { "name": "openshift4/ose-egress-dns-proxy:v4.7.0-202201261123.p0.g0e45f63.assembly.stream", "product_id": "openshift4/ose-egress-dns-proxy:v4.7.0-202201261123.p0.g0e45f63.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-egress-http-proxy:v4.7.0-202201261123.p0.g0e45f63.assembly.stream", "product": { "name": "openshift4/ose-egress-http-proxy:v4.7.0-202201261123.p0.g0e45f63.assembly.stream", "product_id": "openshift4/ose-egress-http-proxy:v4.7.0-202201261123.p0.g0e45f63.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-egress-router:v4.7.0-202201261123.p0.g0e45f63.assembly.stream", "product": { "name": "openshift4/ose-egress-router:v4.7.0-202201261123.p0.g0e45f63.assembly.stream", "product_id": "openshift4/ose-egress-router:v4.7.0-202201261123.p0.g0e45f63.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-ghostunnel:v4.7.0-202201261123.p0.g7907399.assembly.stream", "product": { "name": "openshift4/ose-ghostunnel:v4.7.0-202201261123.p0.g7907399.assembly.stream", "product_id": "openshift4/ose-ghostunnel:v4.7.0-202201261123.p0.g7907399.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-helm-operator:v4.7.0-202201261123.p0.g2cd576d.assembly.stream", "product": { "name": "openshift4/ose-helm-operator:v4.7.0-202201261123.p0.g2cd576d.assembly.stream", "product_id": "openshift4/ose-helm-operator:v4.7.0-202201261123.p0.g2cd576d.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.7.0-202202020525.p0.g1383028.assembly.stream", "product": { "name": "openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.7.0-202202020525.p0.g1383028.assembly.stream", "product_id": "openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.7.0-202202020525.p0.g1383028.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-kubernetes-nmstate-handler-rhel8:v4.7.0-202201261123.p0.g1987544.assembly.stream", "product": { "name": "openshift4/ose-kubernetes-nmstate-handler-rhel8:v4.7.0-202201261123.p0.g1987544.assembly.stream", "product_id": "openshift4/ose-kubernetes-nmstate-handler-rhel8:v4.7.0-202201261123.p0.g1987544.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-local-storage-diskmaker:v4.7.0-202201261123.p0.g56eb729.assembly.stream", "product": { "name": "openshift4/ose-local-storage-diskmaker:v4.7.0-202201261123.p0.g56eb729.assembly.stream", "product_id": "openshift4/ose-local-storage-diskmaker:v4.7.0-202201261123.p0.g56eb729.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-local-storage-mustgather-rhel8:v4.7.0-202201261537.p0.g56eb729.assembly.stream", "product": { "name": "openshift4/ose-local-storage-mustgather-rhel8:v4.7.0-202201261537.p0.g56eb729.assembly.stream", "product_id": "openshift4/ose-local-storage-mustgather-rhel8:v4.7.0-202201261537.p0.g56eb729.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-local-storage-operator:v4.7.0-202201261123.p0.g56eb729.assembly.stream", "product": { "name": "openshift4/ose-local-storage-operator:v4.7.0-202201261123.p0.g56eb729.assembly.stream", "product_id": "openshift4/ose-local-storage-operator:v4.7.0-202201261123.p0.g56eb729.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-local-storage-static-provisioner:v4.7.0-202201261123.p0.ga054523.assembly.stream", "product": { "name": "openshift4/ose-local-storage-static-provisioner:v4.7.0-202201261123.p0.ga054523.assembly.stream", "product_id": "openshift4/ose-local-storage-static-provisioner:v4.7.0-202201261123.p0.ga054523.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-metering-ansible-operator:v4.7.0-202201271626.p0.g3959be4.assembly.stream", "product": { "name": "openshift4/ose-metering-ansible-operator:v4.7.0-202201271626.p0.g3959be4.assembly.stream", "product_id": "openshift4/ose-metering-ansible-operator:v4.7.0-202201271626.p0.g3959be4.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-metering-hadoop:v4.7.0-202201271626.p0.g6046504.assembly.stream", "product": { "name": "openshift4/ose-metering-hadoop:v4.7.0-202201271626.p0.g6046504.assembly.stream", "product_id": "openshift4/ose-metering-hadoop:v4.7.0-202201271626.p0.g6046504.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-metering-helm-container-rhel8:v4.7.0-202201261123.p0.gdccc202.assembly.stream", "product": { "name": "openshift4/ose-metering-helm-container-rhel8:v4.7.0-202201261123.p0.gdccc202.assembly.stream", "product_id": "openshift4/ose-metering-helm-container-rhel8:v4.7.0-202201261123.p0.gdccc202.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-metering-hive:v4.7.0-202201271626.p0.g12e974d.assembly.stream", "product": { "name": "openshift4/ose-metering-hive:v4.7.0-202201271626.p0.g12e974d.assembly.stream", "product_id": "openshift4/ose-metering-hive:v4.7.0-202201271626.p0.g12e974d.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-metering-presto:v4.7.0-202201271626.p0.g2155d34.assembly.stream", "product": { "name": "openshift4/ose-metering-presto:v4.7.0-202201271626.p0.g2155d34.assembly.stream", "product_id": "openshift4/ose-metering-presto:v4.7.0-202201271626.p0.g2155d34.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-metering-reporting-operator:v4.7.0-202201261123.p0.g3959be4.assembly.stream", "product": { "name": "openshift4/ose-metering-reporting-operator:v4.7.0-202201261123.p0.g3959be4.assembly.stream", "product_id": "openshift4/ose-metering-reporting-operator:v4.7.0-202201261123.p0.g3959be4.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-node-feature-discovery:v4.7.0-202201261123.p0.g5b1bc4f.assembly.stream", "product": { "name": "openshift4/ose-node-feature-discovery:v4.7.0-202201261123.p0.g5b1bc4f.assembly.stream", "product_id": "openshift4/ose-node-feature-discovery:v4.7.0-202201261123.p0.g5b1bc4f.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-node-problem-detector-rhel8:v4.7.0-202201261123.p0.g1acc3dd.assembly.stream", "product": { "name": "openshift4/ose-node-problem-detector-rhel8:v4.7.0-202201261123.p0.g1acc3dd.assembly.stream", "product_id": "openshift4/ose-node-problem-detector-rhel8:v4.7.0-202201261123.p0.g1acc3dd.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-operator-sdk-rhel8:v4.7.0-202201261123.p0.g2cd576d.assembly.stream", "product": { "name": "openshift4/ose-operator-sdk-rhel8:v4.7.0-202201261123.p0.g2cd576d.assembly.stream", "product_id": "openshift4/ose-operator-sdk-rhel8:v4.7.0-202201261123.p0.g2cd576d.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-ptp-operator:v4.7.0-202201261123.p0.g0853bcd.assembly.stream", "product": { "name": "openshift4/ose-ptp-operator:v4.7.0-202201261123.p0.g0853bcd.assembly.stream", "product_id": "openshift4/ose-ptp-operator:v4.7.0-202201261123.p0.g0853bcd.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-ptp:v4.7.0-202201261123.p0.g6602684.assembly.stream", "product": { "name": "openshift4/ose-ptp:v4.7.0-202201261123.p0.g6602684.assembly.stream", "product_id": "openshift4/ose-ptp:v4.7.0-202201261123.p0.g6602684.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-service-idler-rhel8:v4.7.0-202201261123.p0.g39cfc66.assembly.stream", "product": { "name": "openshift4/ose-service-idler-rhel8:v4.7.0-202201261123.p0.g39cfc66.assembly.stream", "product_id": "openshift4/ose-service-idler-rhel8:v4.7.0-202201261123.p0.g39cfc66.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-sriov-cni:v4.7.0-202201261123.p0.g2ad0912.assembly.stream", "product": { "name": "openshift4/ose-sriov-cni:v4.7.0-202201261123.p0.g2ad0912.assembly.stream", "product_id": "openshift4/ose-sriov-cni:v4.7.0-202201261123.p0.g2ad0912.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-sriov-dp-admission-controller:v4.7.0-202201261123.p0.g552c314.assembly.stream", "product": { "name": "openshift4/ose-sriov-dp-admission-controller:v4.7.0-202201261123.p0.g552c314.assembly.stream", "product_id": "openshift4/ose-sriov-dp-admission-controller:v4.7.0-202201261123.p0.g552c314.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-sriov-infiniband-cni:v4.7.0-202201261123.p0.g3a0d90c.assembly.stream", "product": { "name": "openshift4/ose-sriov-infiniband-cni:v4.7.0-202201261123.p0.g3a0d90c.assembly.stream", "product_id": "openshift4/ose-sriov-infiniband-cni:v4.7.0-202201261123.p0.g3a0d90c.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-sriov-network-config-daemon:v4.7.0-202201261123.p0.gf6c2ccd.assembly.stream", "product": { "name": "openshift4/ose-sriov-network-config-daemon:v4.7.0-202201261123.p0.gf6c2ccd.assembly.stream", "product_id": "openshift4/ose-sriov-network-config-daemon:v4.7.0-202201261123.p0.gf6c2ccd.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-sriov-network-device-plugin:v4.7.0-202201261123.p0.g6d9de39.assembly.stream", "product": { "name": "openshift4/ose-sriov-network-device-plugin:v4.7.0-202201261123.p0.g6d9de39.assembly.stream", "product_id": "openshift4/ose-sriov-network-device-plugin:v4.7.0-202201261123.p0.g6d9de39.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-sriov-network-operator:v4.7.0-202201261123.p0.gf6c2ccd.assembly.stream", "product": { "name": "openshift4/ose-sriov-network-operator:v4.7.0-202201261123.p0.gf6c2ccd.assembly.stream", "product_id": "openshift4/ose-sriov-network-operator:v4.7.0-202201261123.p0.gf6c2ccd.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-sriov-network-webhook:v4.7.0-202201261123.p0.gf6c2ccd.assembly.stream", "product": { "name": "openshift4/ose-sriov-network-webhook:v4.7.0-202201261123.p0.gf6c2ccd.assembly.stream", "product_id": "openshift4/ose-sriov-network-webhook:v4.7.0-202201261123.p0.gf6c2ccd.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-sriov-operator-must-gather:v4.7.0-202201261123.p0.gf6c2ccd.assembly.stream", "product": { "name": "openshift4/ose-sriov-operator-must-gather:v4.7.0-202201261123.p0.gf6c2ccd.assembly.stream", "product_id": "openshift4/ose-sriov-operator-must-gather:v4.7.0-202201261123.p0.gf6c2ccd.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.7.0-202201261123.p0.g49937fc.assembly.stream", "product": { "name": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.7.0-202201261123.p0.g49937fc.assembly.stream", "product_id": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.7.0-202201261123.p0.g49937fc.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-vertical-pod-autoscaler-rhel8:v4.7.0-202201261123.p0.g8b2e494.assembly.stream", "product": { "name": "openshift4/ose-vertical-pod-autoscaler-rhel8:v4.7.0-202201261123.p0.g8b2e494.assembly.stream", "product_id": "openshift4/ose-vertical-pod-autoscaler-rhel8:v4.7.0-202201261123.p0.g8b2e494.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ptp-must-gather-rhel8:v4.7.0-202201261123.p0.g0853bcd.assembly.stream", "product": { "name": "openshift4/ptp-must-gather-rhel8:v4.7.0-202201261123.p0.g0853bcd.assembly.stream", "product_id": "openshift4/ptp-must-gather-rhel8:v4.7.0-202201261123.p0.g0853bcd.assembly.stream" } } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openshift4/kubernetes-nmstate-rhel8-operator:v4.7.0-202201261123.p0.g1987544.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/kubernetes-nmstate-rhel8-operator:v4.7.0-202201261123.p0.g1987544.assembly.stream" }, "product_reference": "openshift4/kubernetes-nmstate-rhel8-operator:v4.7.0-202201261123.p0.g1987544.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/network-tools-rhel8:v4.7.0-202202011649.p0.g70c7f85.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/network-tools-rhel8:v4.7.0-202202011649.p0.g70c7f85.assembly.stream" }, "product_reference": "openshift4/network-tools-rhel8:v4.7.0-202202011649.p0.g70c7f85.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ansible-operator:v4.7.0-202201261123.p0.g2cd576d.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-ansible-operator:v4.7.0-202201261123.p0.g2cd576d.assembly.stream" }, "product_reference": "openshift4/ose-ansible-operator:v4.7.0-202201261123.p0.g2cd576d.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-capacity:v4.7.0-202201261123.p0.g32653a9.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cluster-capacity:v4.7.0-202201261123.p0.g32653a9.assembly.stream" }, "product_reference": "openshift4/ose-cluster-capacity:v4.7.0-202201261123.p0.g32653a9.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-kube-descheduler-operator:v4.7.0-202201261123.p0.g3787d15.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-descheduler-operator:v4.7.0-202201261123.p0.g3787d15.assembly.stream" }, "product_reference": "openshift4/ose-cluster-kube-descheduler-operator:v4.7.0-202201261123.p0.g3787d15.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.7.0-202201261123.p0.g3787d15.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.7.0-202201261123.p0.g3787d15.assembly.stream" }, "product_reference": "openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.7.0-202201261123.p0.g3787d15.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-nfd-operator:v4.7.0-202201261123.p0.ga500af3.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-cluster-nfd-operator:v4.7.0-202201261123.p0.ga500af3.assembly.stream" }, "product_reference": "openshift4/ose-cluster-nfd-operator:v4.7.0-202201261123.p0.ga500af3.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-clusterresourceoverride-rhel8-operator:v4.7.0-202201261123.p0.g2945596.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-clusterresourceoverride-rhel8-operator:v4.7.0-202201261123.p0.g2945596.assembly.stream" }, "product_reference": "openshift4/ose-clusterresourceoverride-rhel8-operator:v4.7.0-202201261123.p0.g2945596.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-clusterresourceoverride-rhel8:v4.7.0-202201261123.p0.gd12134c.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-clusterresourceoverride-rhel8:v4.7.0-202201261123.p0.gd12134c.assembly.stream" }, "product_reference": "openshift4/ose-clusterresourceoverride-rhel8:v4.7.0-202201261123.p0.gd12134c.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-descheduler:v4.7.0-202201261123.p0.g7295089.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-descheduler:v4.7.0-202201261123.p0.g7295089.assembly.stream" }, "product_reference": "openshift4/ose-descheduler:v4.7.0-202201261123.p0.g7295089.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-egress-dns-proxy:v4.7.0-202201261123.p0.g0e45f63.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-egress-dns-proxy:v4.7.0-202201261123.p0.g0e45f63.assembly.stream" }, "product_reference": "openshift4/ose-egress-dns-proxy:v4.7.0-202201261123.p0.g0e45f63.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-egress-http-proxy:v4.7.0-202201261123.p0.g0e45f63.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-egress-http-proxy:v4.7.0-202201261123.p0.g0e45f63.assembly.stream" }, "product_reference": "openshift4/ose-egress-http-proxy:v4.7.0-202201261123.p0.g0e45f63.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-egress-router:v4.7.0-202201261123.p0.g0e45f63.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-egress-router:v4.7.0-202201261123.p0.g0e45f63.assembly.stream" }, "product_reference": "openshift4/ose-egress-router:v4.7.0-202201261123.p0.g0e45f63.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ghostunnel:v4.7.0-202201261123.p0.g7907399.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-ghostunnel:v4.7.0-202201261123.p0.g7907399.assembly.stream" }, "product_reference": "openshift4/ose-ghostunnel:v4.7.0-202201261123.p0.g7907399.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-helm-operator:v4.7.0-202201261123.p0.g2cd576d.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-helm-operator:v4.7.0-202201261123.p0.g2cd576d.assembly.stream" }, "product_reference": "openshift4/ose-helm-operator:v4.7.0-202201261123.p0.g2cd576d.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.7.0-202202020525.p0.g1383028.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.7.0-202202020525.p0.g1383028.assembly.stream" }, "product_reference": "openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.7.0-202202020525.p0.g1383028.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-kubernetes-nmstate-handler-rhel8:v4.7.0-202201261123.p0.g1987544.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-kubernetes-nmstate-handler-rhel8:v4.7.0-202201261123.p0.g1987544.assembly.stream" }, "product_reference": "openshift4/ose-kubernetes-nmstate-handler-rhel8:v4.7.0-202201261123.p0.g1987544.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-local-storage-diskmaker:v4.7.0-202201261123.p0.g56eb729.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-local-storage-diskmaker:v4.7.0-202201261123.p0.g56eb729.assembly.stream" }, "product_reference": "openshift4/ose-local-storage-diskmaker:v4.7.0-202201261123.p0.g56eb729.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-local-storage-mustgather-rhel8:v4.7.0-202201261537.p0.g56eb729.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-local-storage-mustgather-rhel8:v4.7.0-202201261537.p0.g56eb729.assembly.stream" }, "product_reference": "openshift4/ose-local-storage-mustgather-rhel8:v4.7.0-202201261537.p0.g56eb729.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-local-storage-operator:v4.7.0-202201261123.p0.g56eb729.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-local-storage-operator:v4.7.0-202201261123.p0.g56eb729.assembly.stream" }, "product_reference": "openshift4/ose-local-storage-operator:v4.7.0-202201261123.p0.g56eb729.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-local-storage-static-provisioner:v4.7.0-202201261123.p0.ga054523.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-local-storage-static-provisioner:v4.7.0-202201261123.p0.ga054523.assembly.stream" }, "product_reference": "openshift4/ose-local-storage-static-provisioner:v4.7.0-202201261123.p0.ga054523.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-metering-ansible-operator:v4.7.0-202201271626.p0.g3959be4.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-metering-ansible-operator:v4.7.0-202201271626.p0.g3959be4.assembly.stream" }, "product_reference": "openshift4/ose-metering-ansible-operator:v4.7.0-202201271626.p0.g3959be4.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-metering-hadoop:v4.7.0-202201271626.p0.g6046504.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-metering-hadoop:v4.7.0-202201271626.p0.g6046504.assembly.stream" }, "product_reference": "openshift4/ose-metering-hadoop:v4.7.0-202201271626.p0.g6046504.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-metering-helm-container-rhel8:v4.7.0-202201261123.p0.gdccc202.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-metering-helm-container-rhel8:v4.7.0-202201261123.p0.gdccc202.assembly.stream" }, "product_reference": "openshift4/ose-metering-helm-container-rhel8:v4.7.0-202201261123.p0.gdccc202.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-metering-hive:v4.7.0-202201271626.p0.g12e974d.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-metering-hive:v4.7.0-202201271626.p0.g12e974d.assembly.stream" }, "product_reference": "openshift4/ose-metering-hive:v4.7.0-202201271626.p0.g12e974d.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-metering-presto:v4.7.0-202201271626.p0.g2155d34.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-metering-presto:v4.7.0-202201271626.p0.g2155d34.assembly.stream" }, "product_reference": "openshift4/ose-metering-presto:v4.7.0-202201271626.p0.g2155d34.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-metering-reporting-operator:v4.7.0-202201261123.p0.g3959be4.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-metering-reporting-operator:v4.7.0-202201261123.p0.g3959be4.assembly.stream" }, "product_reference": "openshift4/ose-metering-reporting-operator:v4.7.0-202201261123.p0.g3959be4.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-node-feature-discovery:v4.7.0-202201261123.p0.g5b1bc4f.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-node-feature-discovery:v4.7.0-202201261123.p0.g5b1bc4f.assembly.stream" }, "product_reference": "openshift4/ose-node-feature-discovery:v4.7.0-202201261123.p0.g5b1bc4f.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-node-problem-detector-rhel8:v4.7.0-202201261123.p0.g1acc3dd.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-node-problem-detector-rhel8:v4.7.0-202201261123.p0.g1acc3dd.assembly.stream" }, "product_reference": "openshift4/ose-node-problem-detector-rhel8:v4.7.0-202201261123.p0.g1acc3dd.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-operator-sdk-rhel8:v4.7.0-202201261123.p0.g2cd576d.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-operator-sdk-rhel8:v4.7.0-202201261123.p0.g2cd576d.assembly.stream" }, "product_reference": "openshift4/ose-operator-sdk-rhel8:v4.7.0-202201261123.p0.g2cd576d.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ptp-operator:v4.7.0-202201261123.p0.g0853bcd.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-ptp-operator:v4.7.0-202201261123.p0.g0853bcd.assembly.stream" }, "product_reference": "openshift4/ose-ptp-operator:v4.7.0-202201261123.p0.g0853bcd.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ptp:v4.7.0-202201261123.p0.g6602684.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-ptp:v4.7.0-202201261123.p0.g6602684.assembly.stream" }, "product_reference": "openshift4/ose-ptp:v4.7.0-202201261123.p0.g6602684.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-service-idler-rhel8:v4.7.0-202201261123.p0.g39cfc66.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-service-idler-rhel8:v4.7.0-202201261123.p0.g39cfc66.assembly.stream" }, "product_reference": "openshift4/ose-service-idler-rhel8:v4.7.0-202201261123.p0.g39cfc66.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-cni:v4.7.0-202201261123.p0.g2ad0912.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-sriov-cni:v4.7.0-202201261123.p0.g2ad0912.assembly.stream" }, "product_reference": "openshift4/ose-sriov-cni:v4.7.0-202201261123.p0.g2ad0912.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-dp-admission-controller:v4.7.0-202201261123.p0.g552c314.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-sriov-dp-admission-controller:v4.7.0-202201261123.p0.g552c314.assembly.stream" }, "product_reference": "openshift4/ose-sriov-dp-admission-controller:v4.7.0-202201261123.p0.g552c314.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-infiniband-cni:v4.7.0-202201261123.p0.g3a0d90c.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-sriov-infiniband-cni:v4.7.0-202201261123.p0.g3a0d90c.assembly.stream" }, "product_reference": "openshift4/ose-sriov-infiniband-cni:v4.7.0-202201261123.p0.g3a0d90c.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-network-config-daemon:v4.7.0-202201261123.p0.gf6c2ccd.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-sriov-network-config-daemon:v4.7.0-202201261123.p0.gf6c2ccd.assembly.stream" }, "product_reference": "openshift4/ose-sriov-network-config-daemon:v4.7.0-202201261123.p0.gf6c2ccd.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-network-device-plugin:v4.7.0-202201261123.p0.g6d9de39.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-sriov-network-device-plugin:v4.7.0-202201261123.p0.g6d9de39.assembly.stream" }, "product_reference": "openshift4/ose-sriov-network-device-plugin:v4.7.0-202201261123.p0.g6d9de39.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-network-operator:v4.7.0-202201261123.p0.gf6c2ccd.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-sriov-network-operator:v4.7.0-202201261123.p0.gf6c2ccd.assembly.stream" }, "product_reference": "openshift4/ose-sriov-network-operator:v4.7.0-202201261123.p0.gf6c2ccd.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-network-webhook:v4.7.0-202201261123.p0.gf6c2ccd.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-sriov-network-webhook:v4.7.0-202201261123.p0.gf6c2ccd.assembly.stream" }, "product_reference": "openshift4/ose-sriov-network-webhook:v4.7.0-202201261123.p0.gf6c2ccd.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-operator-must-gather:v4.7.0-202201261123.p0.gf6c2ccd.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-sriov-operator-must-gather:v4.7.0-202201261123.p0.gf6c2ccd.assembly.stream" }, "product_reference": "openshift4/ose-sriov-operator-must-gather:v4.7.0-202201261123.p0.gf6c2ccd.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.7.0-202201261123.p0.g49937fc.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.7.0-202201261123.p0.g49937fc.assembly.stream" }, "product_reference": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.7.0-202201261123.p0.g49937fc.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-vertical-pod-autoscaler-rhel8:v4.7.0-202201261123.p0.g8b2e494.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ose-vertical-pod-autoscaler-rhel8:v4.7.0-202201261123.p0.g8b2e494.assembly.stream" }, "product_reference": "openshift4/ose-vertical-pod-autoscaler-rhel8:v4.7.0-202201261123.p0.g8b2e494.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ptp-must-gather-rhel8:v4.7.0-202201261123.p0.g0853bcd.assembly.stream as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift4/ptp-must-gather-rhel8:v4.7.0-202201261123.p0.g0853bcd.assembly.stream" }, "product_reference": "openshift4/ptp-must-gather-rhel8:v4.7.0-202201261123.p0.g0853bcd.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.7" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-44832", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-12-28T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.7:openshift4/kubernetes-nmstate-rhel8-operator:v4.7.0-202201261123.p0.g1987544.assembly.stream", "8Base-RHOSE-4.7:openshift4/network-tools-rhel8:v4.7.0-202202011649.p0.g70c7f85.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-ansible-operator:v4.7.0-202201261123.p0.g2cd576d.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-cluster-capacity:v4.7.0-202201261123.p0.g32653a9.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-descheduler-operator:v4.7.0-202201261123.p0.g3787d15.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.7.0-202201261123.p0.g3787d15.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-cluster-nfd-operator:v4.7.0-202201261123.p0.ga500af3.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-clusterresourceoverride-rhel8-operator:v4.7.0-202201261123.p0.g2945596.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-clusterresourceoverride-rhel8:v4.7.0-202201261123.p0.gd12134c.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-descheduler:v4.7.0-202201261123.p0.g7295089.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-egress-dns-proxy:v4.7.0-202201261123.p0.g0e45f63.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-egress-http-proxy:v4.7.0-202201261123.p0.g0e45f63.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-egress-router:v4.7.0-202201261123.p0.g0e45f63.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-ghostunnel:v4.7.0-202201261123.p0.g7907399.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-helm-operator:v4.7.0-202201261123.p0.g2cd576d.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.7.0-202202020525.p0.g1383028.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-kubernetes-nmstate-handler-rhel8:v4.7.0-202201261123.p0.g1987544.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-local-storage-diskmaker:v4.7.0-202201261123.p0.g56eb729.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-local-storage-mustgather-rhel8:v4.7.0-202201261537.p0.g56eb729.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-local-storage-operator:v4.7.0-202201261123.p0.g56eb729.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-local-storage-static-provisioner:v4.7.0-202201261123.p0.ga054523.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-metering-ansible-operator:v4.7.0-202201271626.p0.g3959be4.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-metering-hadoop:v4.7.0-202201271626.p0.g6046504.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-metering-helm-container-rhel8:v4.7.0-202201261123.p0.gdccc202.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-metering-reporting-operator:v4.7.0-202201261123.p0.g3959be4.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-node-feature-discovery:v4.7.0-202201261123.p0.g5b1bc4f.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-node-problem-detector-rhel8:v4.7.0-202201261123.p0.g1acc3dd.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-operator-sdk-rhel8:v4.7.0-202201261123.p0.g2cd576d.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-ptp-operator:v4.7.0-202201261123.p0.g0853bcd.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-ptp:v4.7.0-202201261123.p0.g6602684.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-service-idler-rhel8:v4.7.0-202201261123.p0.g39cfc66.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-sriov-cni:v4.7.0-202201261123.p0.g2ad0912.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-sriov-dp-admission-controller:v4.7.0-202201261123.p0.g552c314.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-sriov-infiniband-cni:v4.7.0-202201261123.p0.g3a0d90c.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-sriov-network-config-daemon:v4.7.0-202201261123.p0.gf6c2ccd.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-sriov-network-device-plugin:v4.7.0-202201261123.p0.g6d9de39.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-sriov-network-operator:v4.7.0-202201261123.p0.gf6c2ccd.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-sriov-network-webhook:v4.7.0-202201261123.p0.gf6c2ccd.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-sriov-operator-must-gather:v4.7.0-202201261123.p0.gf6c2ccd.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.7.0-202201261123.p0.g49937fc.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-vertical-pod-autoscaler-rhel8:v4.7.0-202201261123.p0.g8b2e494.assembly.stream", "8Base-RHOSE-4.7:openshift4/ptp-must-gather-rhel8:v4.7.0-202201261123.p0.g0853bcd.assembly.stream" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=2035951" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j-core: remote code execution via JDBC Appender", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.7:openshift4/ose-metering-hive:v4.7.0-202201271626.p0.g12e974d.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-metering-presto:v4.7.0-202201271626.p0.g2155d34.assembly.stream" ], "known_not_affected": [ "8Base-RHOSE-4.7:openshift4/kubernetes-nmstate-rhel8-operator:v4.7.0-202201261123.p0.g1987544.assembly.stream", "8Base-RHOSE-4.7:openshift4/network-tools-rhel8:v4.7.0-202202011649.p0.g70c7f85.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-ansible-operator:v4.7.0-202201261123.p0.g2cd576d.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-cluster-capacity:v4.7.0-202201261123.p0.g32653a9.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-descheduler-operator:v4.7.0-202201261123.p0.g3787d15.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.7.0-202201261123.p0.g3787d15.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-cluster-nfd-operator:v4.7.0-202201261123.p0.ga500af3.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-clusterresourceoverride-rhel8-operator:v4.7.0-202201261123.p0.g2945596.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-clusterresourceoverride-rhel8:v4.7.0-202201261123.p0.gd12134c.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-descheduler:v4.7.0-202201261123.p0.g7295089.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-egress-dns-proxy:v4.7.0-202201261123.p0.g0e45f63.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-egress-http-proxy:v4.7.0-202201261123.p0.g0e45f63.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-egress-router:v4.7.0-202201261123.p0.g0e45f63.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-ghostunnel:v4.7.0-202201261123.p0.g7907399.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-helm-operator:v4.7.0-202201261123.p0.g2cd576d.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.7.0-202202020525.p0.g1383028.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-kubernetes-nmstate-handler-rhel8:v4.7.0-202201261123.p0.g1987544.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-local-storage-diskmaker:v4.7.0-202201261123.p0.g56eb729.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-local-storage-mustgather-rhel8:v4.7.0-202201261537.p0.g56eb729.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-local-storage-operator:v4.7.0-202201261123.p0.g56eb729.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-local-storage-static-provisioner:v4.7.0-202201261123.p0.ga054523.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-metering-ansible-operator:v4.7.0-202201271626.p0.g3959be4.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-metering-hadoop:v4.7.0-202201271626.p0.g6046504.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-metering-helm-container-rhel8:v4.7.0-202201261123.p0.gdccc202.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-metering-reporting-operator:v4.7.0-202201261123.p0.g3959be4.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-node-feature-discovery:v4.7.0-202201261123.p0.g5b1bc4f.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-node-problem-detector-rhel8:v4.7.0-202201261123.p0.g1acc3dd.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-operator-sdk-rhel8:v4.7.0-202201261123.p0.g2cd576d.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-ptp-operator:v4.7.0-202201261123.p0.g0853bcd.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-ptp:v4.7.0-202201261123.p0.g6602684.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-service-idler-rhel8:v4.7.0-202201261123.p0.g39cfc66.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-sriov-cni:v4.7.0-202201261123.p0.g2ad0912.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-sriov-dp-admission-controller:v4.7.0-202201261123.p0.g552c314.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-sriov-infiniband-cni:v4.7.0-202201261123.p0.g3a0d90c.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-sriov-network-config-daemon:v4.7.0-202201261123.p0.gf6c2ccd.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-sriov-network-device-plugin:v4.7.0-202201261123.p0.g6d9de39.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-sriov-network-operator:v4.7.0-202201261123.p0.gf6c2ccd.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-sriov-network-webhook:v4.7.0-202201261123.p0.gf6c2ccd.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-sriov-operator-must-gather:v4.7.0-202201261123.p0.gf6c2ccd.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.7.0-202201261123.p0.g49937fc.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-vertical-pod-autoscaler-rhel8:v4.7.0-202201261123.p0.g8b2e494.assembly.stream", "8Base-RHOSE-4.7:openshift4/ptp-must-gather-rhel8:v4.7.0-202201261123.p0.g0853bcd.assembly.stream" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44832", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44832" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44832", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44832" }, { "category": "external", "summary": "https://issues.apache.org/jira/browse/LOG4J2-3293", "url": "https://issues.apache.org/jira/browse/LOG4J2-3293" }, { "category": "external", "summary": "CVE-2021-44832", "url": "https://access.redhat.com/security/cve/CVE-2021-44832" }, { "category": "external", "summary": "bz#2035951: CVE-2021-44832 log4j-core: remote code execution via JDBC Appender", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035951" } ], "release_date": "2021-12-28T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.7:openshift4/ose-metering-hive:v4.7.0-202201271626.p0.g12e974d.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-metering-presto:v4.7.0-202201271626.p0.g2155d34.assembly.stream" ], "url": "https://access.redhat.com/errata/RHSA-2022:0493" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.7:openshift4/ose-metering-hive:v4.7.0-202201271626.p0.g12e974d.assembly.stream", "8Base-RHOSE-4.7:openshift4/ose-metering-presto:v4.7.0-202201271626.p0.g2155d34.assembly.stream" ] } ], "threats": [ { "category": "impact", "date": "2021-12-28T00:00:00Z", "details": "Moderate" } ], "title": "CVE-2021-44832 log4j-core: remote code execution via JDBC Appender" } ] }
rhsa-2022_0083
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat build of Eclipse Vert.x.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more information, see the CVE pages listed in the References section.", "title": "Topic" }, { "category": "general", "text": "This release of Red Hat build of Eclipse Vert.x 4.1.8 GA includes security updates. For more information, see the release notes listed in the References section.\n\nSecurity Fix(es):\n\n* log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)\n\n* log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228) (CVE-2021-45046)\n\n* log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern (CVE-2021-45105)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:0083", "url": "https://access.redhat.com/errata/RHSA-2022:0083" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=catRhoar.eclipse.vertx\u0026version=4.1.8", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=catRhoar.eclipse.vertx\u0026version=4.1.8" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_build_of_eclipse_vert.x/4.1/html/release_notes_for_eclipse_vert.x_4.1/index", "url": "https://access.redhat.com/documentation/en-us/red_hat_build_of_eclipse_vert.x/4.1/html/release_notes_for_eclipse_vert.x_4.1/index" }, { "category": "external", "summary": "2032580", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2032580" }, { "category": "external", "summary": "2034067", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034067" }, { "category": "external", "summary": "2035951", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035951" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0083.json" } ], "title": "Red Hat Security Advisory: Red Hat build of Eclipse Vert.x 4.1.8 security update", "tracking": { "current_release_date": "2024-11-15T10:44:05+00:00", "generator": { "date": "2024-11-15T10:44:05+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2022:0083", "initial_release_date": "2022-01-20T12:12:50+00:00", "revision_history": [ { "date": "2022-01-20T12:12:50+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-01-20T12:12:50+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T10:44:05+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Vert.x 4.1.8", "product": { "name": "Vert.x 4.1.8", "product_id": "Vert.x 4.1.8", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0" } } } ], "category": "product_family", "name": "Red Hat OpenShift Application Runtimes" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-44832", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-12-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2035951" } ], "notes": [ { "category": "description", "text": "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j-core: remote code execution via JDBC Appender", "title": "Vulnerability summary" }, { "category": "other", "text": "Log4j 1.x is not impacted by this vulnerability. Therefore versions of log4j shipped with Red Hat Enterprise Linux are NOT affected by this flaw.\n\nFor Elasticsearch, as shipped in OpenShift Container Platform and OpenShift Logging, access to the log4j2.properties configuration is limited only to the cluster administrators and exploitation requires cluster logging changes, what reduced the impact of this vulnerability significantly [0].\n\n[0] https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476#update-jan-6-5", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Vert.x 4.1.8" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44832" }, { "category": "external", "summary": "RHBZ#2035951", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035951" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44832", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44832" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44832", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44832" }, { "category": "external", "summary": "https://issues.apache.org/jira/browse/LOG4J2-3293", "url": "https://issues.apache.org/jira/browse/LOG4J2-3293" } ], "release_date": "2021-12-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-01-20T12:12:50+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Vert.x 4.1.8" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0083" }, { "category": "workaround", "details": "As per upstream:\n- In prior releases confirm that if the JDBC Appender is being used it is not configured to use any protocol other than Java.\n- Note that only the log4j-core JAR file is impacted by this vulnerability. Applications using only the log4j-api JAR file without the log4j-core JAR file are not impacted by this vulnerability.", "product_ids": [ "Vert.x 4.1.8" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Vert.x 4.1.8" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "log4j-core: remote code execution via JDBC Appender" }, { "cve": "CVE-2021-45046", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-12-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2032580" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.16.0. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input using a JNDI Lookup pattern resulting in remote code execution (RCE) in a limited number of environments.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)", "title": "Vulnerability summary" }, { "category": "other", "text": "Although we have matched Apache\u0027s CVSS score, with the exception of the scope metric which will remain unaltered at \"unchanged\"; as we believe code execution would be at the permission levels of the running JVM and not exceeding that of the original CVE-2021-44228 flaw.\n \nWe have given this vulnerability an impact rating of Moderate, this is because of the unlikely nature of log4j lookup mapping values being derived from attacker controlled values. This is not the default configuration for end-applications using log4j 2.x and would require explicit action from a privileged user (a developer or administrator) to access the vulnerability. \nIn certain non-default configurations, it was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was insufficient.\n\nThis issue affects the log4j version between 2.0 and 2.15. Log4j 1.x is NOT impacted by this vulnerability. \n\nPrerequisites to exploit this flaw are :\n\n- A remotely accessible endpoint with any protocol (HTTP, TCP, etc) that allows an attacker to send arbitrary data,\n- A log statement in the endpoint that logs the attacker controlled data.\n- Log4j configuration file should be explicitly configured to use a non-default Pattern Layout with a Context Lookup eg. ($${ctx:loginId}) \n\nIn most cases, the mitigation suggested for CVE-2021-44228 (i.e. to set the system property `log4j2.noFormatMsgLookup` to `true) does NOT mitigate this specific vulnerability. \nLog4j 2.16.0 fixes this issue by removing support for message lookup patterns and disabling JNDI functionality by default.\n\nFor Elasticsearch, as shipped in OpenShift 3.11, the \"log4j2.formatMsgNoLookups=true\" system property mitigation is sufficient as there are no included non-standard configurations that allow for exploitation:\n\nhttps://github.com/openshift/openshift-ansible/blob/release-3.11/roles/openshift_logging_elasticsearch/templates/log4j2.properties.j2\n\nhttps://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476\n\nFor CodeReady Studio the fix for this flaw is available on CodeReady Studio 12.21.3 and above versions.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Vert.x 4.1.8" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-45046" }, { "category": "external", "summary": "RHBZ#2032580", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2032580" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-45046", "url": "https://www.cve.org/CVERecord?id=CVE-2021-45046" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-45046", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45046" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2021-44228", "url": "https://access.redhat.com/security/cve/CVE-2021-44228" }, { "category": "external", "summary": "https://logging.apache.org/log4j/2.x/security.html", "url": "https://logging.apache.org/log4j/2.x/security.html" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2021/12/14/4", "url": "https://www.openwall.com/lists/oss-security/2021/12/14/4" }, { "category": "external", "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog" } ], "release_date": "2021-12-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-01-20T12:12:50+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Vert.x 4.1.8" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0083" }, { "category": "workaround", "details": "For Log4j versions up to and including 2.15.0, this issue can be mitigated by removing the JndiLookup class from the classpath (example: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class).", "product_ids": [ "Vert.x 4.1.8" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Vert.x 4.1.8" ] } ], "threats": [ { "category": "exploit_status", "date": "2023-05-01T00:00:00+00:00", "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog" }, { "category": "impact", "details": "Moderate" } ], "title": "log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)" }, { "cve": "CVE-2021-45105", "cwe": { "id": "CWE-674", "name": "Uncontrolled Recursion" }, "discovery_date": "2021-12-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2034067" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Apache Log4j logging library 2.x. when the logging configuration uses a non-default Pattern Layout with a Context Lookup. Attackers with control over Thread Context Map (MDC) input data can craft malicious input data that contains a recursive lookup and can cause Denial of Service.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security has performed an analysis of this flaw and has classified the Attack Complexity(AC) as High because there are multiple factors involved which are beyond attacker\u0027s control:\n\n- The application has to use the logging configuration using a Context Map Lookup (for example, $${ctx:loginId}) which is a non-default Pattern Layout.\n- The application developer has to use the map org.apache.logging.log4j.ThreadContext in the application code and save at-least one key (for example, ThreadContext.put(\"loginId\", \"myId\");) in the ThreadContext map object.\n- Attackers must also know this saved key name in order to exploit this flaw.\n\nNote that saving keys in this map is a non-essential usage of log4j and just an optional feature provided. Refer to https://logging.apache.org/log4j/2.x/manual/lookups.html#ContextMapLookup to know more about the Context Map Lookup feature of Log4j.\n\nLog4j 1.x is not impacted by this vulnerability. Note that only the log4j-core JAR file is impacted by this vulnerability. Applications using ONLY the log4j-api JAR file without the log4j-core JAR file are NOT impacted by this vulnerability.\n\n\nDespite including a vulnerable version of Log4j 2.x, this vulnerability is not exploitable in Elasticsearch[0], as shipped in OpenShift Container Platform and OpenShift Logging. OpenShift 3.11 specifically does not contain any context lookups:\n\nhttps://github.com/openshift/openshift-ansible/blob/release-3.11/roles/openshift_logging_elasticsearch/templates/log4j2.properties.j2\n\nThis vulnerability is therefore rated Low for Elasticsearch in OpenShift Container Platform and OpenShift Logging.\n\n[0] https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476#update-december-18-4", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Vert.x 4.1.8" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-45105" }, { "category": "external", "summary": "RHBZ#2034067", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034067" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-45105", "url": "https://www.cve.org/CVERecord?id=CVE-2021-45105" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-45105", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45105" }, { "category": "external", "summary": "https://issues.apache.org/jira/browse/LOG4J2-3230", "url": "https://issues.apache.org/jira/browse/LOG4J2-3230" }, { "category": "external", "summary": "https://logging.apache.org/log4j/2.x/security.html", "url": "https://logging.apache.org/log4j/2.x/security.html" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2021/12/19/1", "url": "https://www.openwall.com/lists/oss-security/2021/12/19/1" } ], "release_date": "2021-12-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-01-20T12:12:50+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Vert.x 4.1.8" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0083" }, { "category": "workaround", "details": "For Log4j 2 versions up to and including 2.16.0, this flaw can be mitigated by:\n- In PatternLayout in the Log4j logging configuration, replace Context Lookups like ${ctx:loginId} or $${ctx:loginId} with Thread Context Map patterns (%X, %mdc, or %MDC) like %X{loginId}.\n- Otherwise, in the Log4j logging configuration, remove references to Context Lookups like ${ctx:loginId} or $${ctx:loginId} where they originate from sources external to the application such as HTTP headers or user input.", "product_ids": [ "Vert.x 4.1.8" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Vert.x 4.1.8" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern" } ] }
rhsa-2022_0485
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat OpenShift Container Platform release 4.8.31 is now available with\nupdates to packages and images that fix several bugs and add enhancements.\n\nThis release includes a security update for Red Hat OpenShift Container Platform 4.8.\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.8.31. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHBA-2022:0484\n\nSecurity Fix(es):\n\n* log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nAll OpenShift Container Platform 4.8 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:0485", "url": "https://access.redhat.com/errata/RHSA-2022:0485" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "2035951", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035951" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0485.json" } ], "title": "Red Hat Security Advisory: OpenShift Container Platform 4.8.31 security update", "tracking": { "current_release_date": "2024-11-15T10:47:49+00:00", "generator": { "date": "2024-11-15T10:47:49+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2022:0485", "initial_release_date": "2022-02-16T15:04:02+00:00", "revision_history": [ { "date": "2022-02-16T15:04:02+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-02-16T15:04:03+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T10:47:49+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift Container Platform 4.8", "product": { "name": "Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:4.8::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift Enterprise" }, { "branches": [ { "category": "product_version", "name": "openshift4/ose-descheduler@sha256:c646e3a5e81cff6f9e5fd0d590acff2a8ae1c0a36cb7bc5210f6285d8dc06817_amd64", "product": { "name": "openshift4/ose-descheduler@sha256:c646e3a5e81cff6f9e5fd0d590acff2a8ae1c0a36cb7bc5210f6285d8dc06817_amd64", "product_id": "openshift4/ose-descheduler@sha256:c646e3a5e81cff6f9e5fd0d590acff2a8ae1c0a36cb7bc5210f6285d8dc06817_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-descheduler@sha256:c646e3a5e81cff6f9e5fd0d590acff2a8ae1c0a36cb7bc5210f6285d8dc06817?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-descheduler\u0026tag=v4.8.0-202201261123.p0.g37691a4.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-node-problem-detector-rhel8@sha256:3fddde918aae7343b55fb4bdd8273d8a928030d95465cb4c699d92958761a7a1_amd64", "product": { "name": "openshift4/ose-node-problem-detector-rhel8@sha256:3fddde918aae7343b55fb4bdd8273d8a928030d95465cb4c699d92958761a7a1_amd64", "product_id": "openshift4/ose-node-problem-detector-rhel8@sha256:3fddde918aae7343b55fb4bdd8273d8a928030d95465cb4c699d92958761a7a1_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-node-problem-detector-rhel8@sha256:3fddde918aae7343b55fb4bdd8273d8a928030d95465cb4c699d92958761a7a1?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-node-problem-detector-rhel8\u0026tag=v4.8.0-202201261123.p0.g8e44437.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-cluster-nfd-operator@sha256:3e804e2a87f3d4466ec45163ec1b8a7f5f8621a8dafba7359639319def652df7_amd64", "product": { "name": "openshift4/ose-cluster-nfd-operator@sha256:3e804e2a87f3d4466ec45163ec1b8a7f5f8621a8dafba7359639319def652df7_amd64", "product_id": "openshift4/ose-cluster-nfd-operator@sha256:3e804e2a87f3d4466ec45163ec1b8a7f5f8621a8dafba7359639319def652df7_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-cluster-nfd-operator@sha256:3e804e2a87f3d4466ec45163ec1b8a7f5f8621a8dafba7359639319def652df7?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-cluster-nfd-operator\u0026tag=v4.8.0-202201261123.p0.gb9eec62.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-ghostunnel@sha256:d24324d2a5f5db35706160389fd0504529847b610b67c946426dd2d5c580333c_amd64", "product": { "name": "openshift4/ose-ghostunnel@sha256:d24324d2a5f5db35706160389fd0504529847b610b67c946426dd2d5c580333c_amd64", "product_id": "openshift4/ose-ghostunnel@sha256:d24324d2a5f5db35706160389fd0504529847b610b67c946426dd2d5c580333c_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-ghostunnel@sha256:d24324d2a5f5db35706160389fd0504529847b610b67c946426dd2d5c580333c?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-ghostunnel\u0026tag=v4.8.0-202201261123.p0.g3f61070.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-metering-hadoop@sha256:3a6ae11db1f9f60674295b5b9feebbc19e1c8318390a00dd1314f56adace118c_amd64", "product": { "name": "openshift4/ose-metering-hadoop@sha256:3a6ae11db1f9f60674295b5b9feebbc19e1c8318390a00dd1314f56adace118c_amd64", "product_id": "openshift4/ose-metering-hadoop@sha256:3a6ae11db1f9f60674295b5b9feebbc19e1c8318390a00dd1314f56adace118c_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-metering-hadoop@sha256:3a6ae11db1f9f60674295b5b9feebbc19e1c8318390a00dd1314f56adace118c?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-metering-hadoop\u0026tag=v4.8.0-202201271626.p0.gebd9cb4.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-metering-hive@sha256:5431d1a3f9f479600db352feee682ce8e31d9b1d62f7c06e7fe0138a1aca7044_amd64", "product": { "name": "openshift4/ose-metering-hive@sha256:5431d1a3f9f479600db352feee682ce8e31d9b1d62f7c06e7fe0138a1aca7044_amd64", "product_id": "openshift4/ose-metering-hive@sha256:5431d1a3f9f479600db352feee682ce8e31d9b1d62f7c06e7fe0138a1aca7044_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-metering-hive@sha256:5431d1a3f9f479600db352feee682ce8e31d9b1d62f7c06e7fe0138a1aca7044?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-metering-hive\u0026tag=v4.8.0-202201271626.p0.g8fb24af.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-sriov-infiniband-cni@sha256:e316ddfe57eb0f75f1d05f6b449f7f2746b345155729e037012d9081bcdfe11a_amd64", "product": { "name": "openshift4/ose-sriov-infiniband-cni@sha256:e316ddfe57eb0f75f1d05f6b449f7f2746b345155729e037012d9081bcdfe11a_amd64", "product_id": "openshift4/ose-sriov-infiniband-cni@sha256:e316ddfe57eb0f75f1d05f6b449f7f2746b345155729e037012d9081bcdfe11a_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-sriov-infiniband-cni@sha256:e316ddfe57eb0f75f1d05f6b449f7f2746b345155729e037012d9081bcdfe11a?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-infiniband-cni\u0026tag=v4.8.0-202201261123.p0.g9edcb7c.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-local-storage-diskmaker@sha256:75bc3a0ac9201a825d2aaa1a8af28db620c40e95e25b5e1b6b3e00e507bccdcc_amd64", "product": { "name": "openshift4/ose-local-storage-diskmaker@sha256:75bc3a0ac9201a825d2aaa1a8af28db620c40e95e25b5e1b6b3e00e507bccdcc_amd64", "product_id": "openshift4/ose-local-storage-diskmaker@sha256:75bc3a0ac9201a825d2aaa1a8af28db620c40e95e25b5e1b6b3e00e507bccdcc_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-local-storage-diskmaker@sha256:75bc3a0ac9201a825d2aaa1a8af28db620c40e95e25b5e1b6b3e00e507bccdcc?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-local-storage-diskmaker\u0026tag=v4.8.0-202202070834.p0.g7887ed0.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-local-storage-operator@sha256:8bf7c9546ffbab5678776abe5a25460f3ffdc166ffbfb65f4a674bac26e0dfae_amd64", "product": { "name": "openshift4/ose-local-storage-operator@sha256:8bf7c9546ffbab5678776abe5a25460f3ffdc166ffbfb65f4a674bac26e0dfae_amd64", "product_id": "openshift4/ose-local-storage-operator@sha256:8bf7c9546ffbab5678776abe5a25460f3ffdc166ffbfb65f4a674bac26e0dfae_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-local-storage-operator@sha256:8bf7c9546ffbab5678776abe5a25460f3ffdc166ffbfb65f4a674bac26e0dfae?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-local-storage-operator\u0026tag=v4.8.0-202202070834.p0.g7887ed0.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-local-storage-static-provisioner@sha256:bcff1893ff84874958f43dd84a22f56f7648dfda34236f4ad87e2a964cf33cd9_amd64", "product": { "name": "openshift4/ose-local-storage-static-provisioner@sha256:bcff1893ff84874958f43dd84a22f56f7648dfda34236f4ad87e2a964cf33cd9_amd64", "product_id": "openshift4/ose-local-storage-static-provisioner@sha256:bcff1893ff84874958f43dd84a22f56f7648dfda34236f4ad87e2a964cf33cd9_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-local-storage-static-provisioner@sha256:bcff1893ff84874958f43dd84a22f56f7648dfda34236f4ad87e2a964cf33cd9?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-local-storage-static-provisioner\u0026tag=v4.8.0-202201261123.p0.ga829a11.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-node-feature-discovery@sha256:d66763784469579e744a627d49d9e125f0d6c69ac3542336fd28c73180af98bb_amd64", "product": { "name": "openshift4/ose-node-feature-discovery@sha256:d66763784469579e744a627d49d9e125f0d6c69ac3542336fd28c73180af98bb_amd64", "product_id": "openshift4/ose-node-feature-discovery@sha256:d66763784469579e744a627d49d9e125f0d6c69ac3542336fd28c73180af98bb_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-node-feature-discovery@sha256:d66763784469579e744a627d49d9e125f0d6c69ac3542336fd28c73180af98bb?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-node-feature-discovery\u0026tag=v4.8.0-202201261123.p0.ga531700.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-ansible-operator@sha256:317b636846f5a4da94b8a44eb87b9d34721da8b819debdcfecb726b8d74537c4_amd64", "product": { "name": "openshift4/ose-ansible-operator@sha256:317b636846f5a4da94b8a44eb87b9d34721da8b819debdcfecb726b8d74537c4_amd64", "product_id": "openshift4/ose-ansible-operator@sha256:317b636846f5a4da94b8a44eb87b9d34721da8b819debdcfecb726b8d74537c4_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-ansible-operator@sha256:317b636846f5a4da94b8a44eb87b9d34721da8b819debdcfecb726b8d74537c4?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-ansible-operator\u0026tag=v4.8.0-202201261123.p0.gb35596f.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-cluster-capacity@sha256:a8b224b9187b51c7b6251488f84bc86ec5e54bad0515c1516d6f535a2ad5a6d7_amd64", "product": { "name": "openshift4/ose-cluster-capacity@sha256:a8b224b9187b51c7b6251488f84bc86ec5e54bad0515c1516d6f535a2ad5a6d7_amd64", "product_id": "openshift4/ose-cluster-capacity@sha256:a8b224b9187b51c7b6251488f84bc86ec5e54bad0515c1516d6f535a2ad5a6d7_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-cluster-capacity@sha256:a8b224b9187b51c7b6251488f84bc86ec5e54bad0515c1516d6f535a2ad5a6d7?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-cluster-capacity\u0026tag=v4.8.0-202201261123.p0.g44c178f.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-egress-dns-proxy@sha256:7e578789946a853c299254cc9092f815c59333551fc7bcdf0cec4ee8bd0975f7_amd64", "product": { "name": "openshift4/ose-egress-dns-proxy@sha256:7e578789946a853c299254cc9092f815c59333551fc7bcdf0cec4ee8bd0975f7_amd64", "product_id": "openshift4/ose-egress-dns-proxy@sha256:7e578789946a853c299254cc9092f815c59333551fc7bcdf0cec4ee8bd0975f7_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-egress-dns-proxy@sha256:7e578789946a853c299254cc9092f815c59333551fc7bcdf0cec4ee8bd0975f7?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-egress-dns-proxy\u0026tag=v4.8.0-202201261123.p0.gad38e11.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-egress-router@sha256:9c5ea6554b499063a4056685d22bc4b8e553bacbacd8f5b6c6c70029b7c691c2_amd64", "product": { "name": "openshift4/ose-egress-router@sha256:9c5ea6554b499063a4056685d22bc4b8e553bacbacd8f5b6c6c70029b7c691c2_amd64", "product_id": "openshift4/ose-egress-router@sha256:9c5ea6554b499063a4056685d22bc4b8e553bacbacd8f5b6c6c70029b7c691c2_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-egress-router@sha256:9c5ea6554b499063a4056685d22bc4b8e553bacbacd8f5b6c6c70029b7c691c2?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-egress-router\u0026tag=v4.8.0-202201261123.p0.gad38e11.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-helm-operator@sha256:df4243dbedfc6b134f48d8e839c859a55070dd816fcebf64da40f1ff86d1a6e8_amd64", "product": { "name": "openshift4/ose-helm-operator@sha256:df4243dbedfc6b134f48d8e839c859a55070dd816fcebf64da40f1ff86d1a6e8_amd64", "product_id": "openshift4/ose-helm-operator@sha256:df4243dbedfc6b134f48d8e839c859a55070dd816fcebf64da40f1ff86d1a6e8_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-helm-operator@sha256:df4243dbedfc6b134f48d8e839c859a55070dd816fcebf64da40f1ff86d1a6e8?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-helm-operator\u0026tag=v4.8.0-202201261123.p0.gb35596f.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-operator-sdk-rhel8@sha256:7f191475c9dd43d6b40efd4b565bf677af22b1b654e0f5d8829b4831abc715d5_amd64", "product": { "name": "openshift4/ose-operator-sdk-rhel8@sha256:7f191475c9dd43d6b40efd4b565bf677af22b1b654e0f5d8829b4831abc715d5_amd64", "product_id": "openshift4/ose-operator-sdk-rhel8@sha256:7f191475c9dd43d6b40efd4b565bf677af22b1b654e0f5d8829b4831abc715d5_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-operator-sdk-rhel8@sha256:7f191475c9dd43d6b40efd4b565bf677af22b1b654e0f5d8829b4831abc715d5?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-operator-sdk-rhel8\u0026tag=v4.8.0-202201261123.p0.gb35596f.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-service-idler-rhel8@sha256:dbc79719030b91a0879a1646a677fe7858f8e6552c496cfd5025430e6672d3c3_amd64", "product": { "name": "openshift4/ose-service-idler-rhel8@sha256:dbc79719030b91a0879a1646a677fe7858f8e6552c496cfd5025430e6672d3c3_amd64", "product_id": "openshift4/ose-service-idler-rhel8@sha256:dbc79719030b91a0879a1646a677fe7858f8e6552c496cfd5025430e6672d3c3_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-service-idler-rhel8@sha256:dbc79719030b91a0879a1646a677fe7858f8e6552c496cfd5025430e6672d3c3?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-service-idler-rhel8\u0026tag=v4.8.0-202201261123.p0.g39cfc66.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:13d228ad69d3d76bd7af3eab87c2122016c29aca7930d83b7b084726ea62b3b6_amd64", "product": { "name": "openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:13d228ad69d3d76bd7af3eab87c2122016c29aca7930d83b7b084726ea62b3b6_amd64", "product_id": "openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:13d228ad69d3d76bd7af3eab87c2122016c29aca7930d83b7b084726ea62b3b6_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-kubernetes-nmstate-handler-rhel8@sha256:13d228ad69d3d76bd7af3eab87c2122016c29aca7930d83b7b084726ea62b3b6?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-kubernetes-nmstate-handler-rhel8\u0026tag=v4.8.0-202201261123.p0.g458be7e.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-cluster-kube-descheduler-operator@sha256:24380dc5d13f84e5b3d35bcf6e183ab697a8b9f997c4808027dbe396a075e389_amd64", "product": { "name": "openshift4/ose-cluster-kube-descheduler-operator@sha256:24380dc5d13f84e5b3d35bcf6e183ab697a8b9f997c4808027dbe396a075e389_amd64", "product_id": "openshift4/ose-cluster-kube-descheduler-operator@sha256:24380dc5d13f84e5b3d35bcf6e183ab697a8b9f997c4808027dbe396a075e389_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-cluster-kube-descheduler-operator@sha256:24380dc5d13f84e5b3d35bcf6e183ab697a8b9f997c4808027dbe396a075e389?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-cluster-kube-descheduler-operator\u0026tag=v4.8.0-202201261123.p0.g1af4c42.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:24380dc5d13f84e5b3d35bcf6e183ab697a8b9f997c4808027dbe396a075e389_amd64", "product": { "name": "openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:24380dc5d13f84e5b3d35bcf6e183ab697a8b9f997c4808027dbe396a075e389_amd64", "product_id": "openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:24380dc5d13f84e5b3d35bcf6e183ab697a8b9f997c4808027dbe396a075e389_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-cluster-kube-descheduler-rhel8-operator@sha256:24380dc5d13f84e5b3d35bcf6e183ab697a8b9f997c4808027dbe396a075e389?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-cluster-kube-descheduler-rhel8-operator\u0026tag=v4.8.0-202201261123.p0.g1af4c42.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-clusterresourceoverride-rhel8@sha256:7f80896dc1acc9d9af477d753e7fafe3d828e5b35fb123fda05c272c93efaae4_amd64", "product": { "name": "openshift4/ose-clusterresourceoverride-rhel8@sha256:7f80896dc1acc9d9af477d753e7fafe3d828e5b35fb123fda05c272c93efaae4_amd64", "product_id": "openshift4/ose-clusterresourceoverride-rhel8@sha256:7f80896dc1acc9d9af477d753e7fafe3d828e5b35fb123fda05c272c93efaae4_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-clusterresourceoverride-rhel8@sha256:7f80896dc1acc9d9af477d753e7fafe3d828e5b35fb123fda05c272c93efaae4?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-clusterresourceoverride-rhel8\u0026tag=v4.8.0-202201261123.p0.g2a9f548.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:f426e6f2bbd416978f1bc731e061eb908cd34736180e92a6d76cbcc00d494ea0_amd64", "product": { "name": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:f426e6f2bbd416978f1bc731e061eb908cd34736180e92a6d76cbcc00d494ea0_amd64", "product_id": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:f426e6f2bbd416978f1bc731e061eb908cd34736180e92a6d76cbcc00d494ea0_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-clusterresourceoverride-rhel8-operator@sha256:f426e6f2bbd416978f1bc731e061eb908cd34736180e92a6d76cbcc00d494ea0?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-clusterresourceoverride-rhel8-operator\u0026tag=v4.8.0-202201261123.p0.gfcdcef8.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-egress-http-proxy@sha256:26f61e722fc9110448b6c851d8c9e0e49c8d31ee6bbc678ea27767fe8351ad5b_amd64", "product": { "name": "openshift4/ose-egress-http-proxy@sha256:26f61e722fc9110448b6c851d8c9e0e49c8d31ee6bbc678ea27767fe8351ad5b_amd64", "product_id": "openshift4/ose-egress-http-proxy@sha256:26f61e722fc9110448b6c851d8c9e0e49c8d31ee6bbc678ea27767fe8351ad5b_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-egress-http-proxy@sha256:26f61e722fc9110448b6c851d8c9e0e49c8d31ee6bbc678ea27767fe8351ad5b?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-egress-http-proxy\u0026tag=v4.8.0-202201261123.p0.gad38e11.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/kubernetes-nmstate-rhel8-operator@sha256:bf92e1a223de2fe51d8e702f7bcd924e83378b99a249e76f1f8db7167a34e155_amd64", "product": { "name": "openshift4/kubernetes-nmstate-rhel8-operator@sha256:bf92e1a223de2fe51d8e702f7bcd924e83378b99a249e76f1f8db7167a34e155_amd64", "product_id": "openshift4/kubernetes-nmstate-rhel8-operator@sha256:bf92e1a223de2fe51d8e702f7bcd924e83378b99a249e76f1f8db7167a34e155_amd64", "product_identification_helper": { "purl": "pkg:oci/kubernetes-nmstate-rhel8-operator@sha256:bf92e1a223de2fe51d8e702f7bcd924e83378b99a249e76f1f8db7167a34e155?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/kubernetes-nmstate-rhel8-operator\u0026tag=v4.8.0-202201261123.p0.g458be7e.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-ptp@sha256:3265800679156b9f4efebfe7f3d887ff804fa5eff6a33fcf4fdec96510a7d0a4_amd64", "product": { "name": "openshift4/ose-ptp@sha256:3265800679156b9f4efebfe7f3d887ff804fa5eff6a33fcf4fdec96510a7d0a4_amd64", "product_id": "openshift4/ose-ptp@sha256:3265800679156b9f4efebfe7f3d887ff804fa5eff6a33fcf4fdec96510a7d0a4_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-ptp@sha256:3265800679156b9f4efebfe7f3d887ff804fa5eff6a33fcf4fdec96510a7d0a4?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-ptp\u0026tag=v4.8.0-202201261123.p0.g2ae5850.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-local-storage-mustgather-rhel8@sha256:06a330662e9a8f5aeae9ae9f85db9f25d8b96821f86437a9198ef626979b9b23_amd64", "product": { "name": "openshift4/ose-local-storage-mustgather-rhel8@sha256:06a330662e9a8f5aeae9ae9f85db9f25d8b96821f86437a9198ef626979b9b23_amd64", "product_id": "openshift4/ose-local-storage-mustgather-rhel8@sha256:06a330662e9a8f5aeae9ae9f85db9f25d8b96821f86437a9198ef626979b9b23_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-local-storage-mustgather-rhel8@sha256:06a330662e9a8f5aeae9ae9f85db9f25d8b96821f86437a9198ef626979b9b23?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-local-storage-mustgather-rhel8\u0026tag=v4.8.0-202202071729.p0.g7887ed0.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-metering-ansible-operator@sha256:7576005fb1ee5c89807a5c74c17a6beebdde06f39950d421354c8827e38dad37_amd64", "product": { "name": "openshift4/ose-metering-ansible-operator@sha256:7576005fb1ee5c89807a5c74c17a6beebdde06f39950d421354c8827e38dad37_amd64", "product_id": "openshift4/ose-metering-ansible-operator@sha256:7576005fb1ee5c89807a5c74c17a6beebdde06f39950d421354c8827e38dad37_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-metering-ansible-operator@sha256:7576005fb1ee5c89807a5c74c17a6beebdde06f39950d421354c8827e38dad37?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-metering-ansible-operator\u0026tag=v4.8.0-202202071729.p0.g0d7ecfb.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-metering-helm-container-rhel8@sha256:982bc5a04515bf30e88eff06b742ee4b0720d26b2039aef229e89ea52bc4322a_amd64", "product": { "name": "openshift4/ose-metering-helm-container-rhel8@sha256:982bc5a04515bf30e88eff06b742ee4b0720d26b2039aef229e89ea52bc4322a_amd64", "product_id": "openshift4/ose-metering-helm-container-rhel8@sha256:982bc5a04515bf30e88eff06b742ee4b0720d26b2039aef229e89ea52bc4322a_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-metering-helm-container-rhel8@sha256:982bc5a04515bf30e88eff06b742ee4b0720d26b2039aef229e89ea52bc4322a?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-metering-helm-container-rhel8\u0026tag=v4.8.0-202201261123.p0.g8aaede2.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-metering-reporting-operator@sha256:5bcd150f1b2752413a16deb287e08250e357ce220216df626ad5a9086c16ce6e_amd64", "product": { "name": "openshift4/ose-metering-reporting-operator@sha256:5bcd150f1b2752413a16deb287e08250e357ce220216df626ad5a9086c16ce6e_amd64", "product_id": "openshift4/ose-metering-reporting-operator@sha256:5bcd150f1b2752413a16deb287e08250e357ce220216df626ad5a9086c16ce6e_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-metering-reporting-operator@sha256:5bcd150f1b2752413a16deb287e08250e357ce220216df626ad5a9086c16ce6e?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-metering-reporting-operator\u0026tag=v4.8.0-202201261123.p0.g0d7ecfb.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-ptp-operator@sha256:bb73adc511485987f4b20db03ef164ea82c28bf1fb3cf5c50ecaa3b8bd5e268f_amd64", "product": { "name": "openshift4/ose-ptp-operator@sha256:bb73adc511485987f4b20db03ef164ea82c28bf1fb3cf5c50ecaa3b8bd5e268f_amd64", "product_id": "openshift4/ose-ptp-operator@sha256:bb73adc511485987f4b20db03ef164ea82c28bf1fb3cf5c50ecaa3b8bd5e268f_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-ptp-operator@sha256:bb73adc511485987f4b20db03ef164ea82c28bf1fb3cf5c50ecaa3b8bd5e268f?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-ptp-operator\u0026tag=v4.8.0-202201261123.p0.gd71faa4.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:5ff00e93833c3d916988979303e7bc0fe21b1da50ecbfbbf4d0545ef45b535ab_amd64", "product": { "name": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:5ff00e93833c3d916988979303e7bc0fe21b1da50ecbfbbf4d0545ef45b535ab_amd64", "product_id": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:5ff00e93833c3d916988979303e7bc0fe21b1da50ecbfbbf4d0545ef45b535ab_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-vertical-pod-autoscaler-rhel8@sha256:5ff00e93833c3d916988979303e7bc0fe21b1da50ecbfbbf4d0545ef45b535ab?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-vertical-pod-autoscaler-rhel8\u0026tag=v4.8.0-202201261123.p0.g7bbde4c.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:8894179aee32aea7d875499179bfc1783a1d81e052ee47499cb3b34ae7d4d18b_amd64", "product": { "name": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:8894179aee32aea7d875499179bfc1783a1d81e052ee47499cb3b34ae7d4d18b_amd64", "product_id": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:8894179aee32aea7d875499179bfc1783a1d81e052ee47499cb3b34ae7d4d18b_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-vertical-pod-autoscaler-rhel8-operator@sha256:8894179aee32aea7d875499179bfc1783a1d81e052ee47499cb3b34ae7d4d18b?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-vertical-pod-autoscaler-rhel8-operator\u0026tag=v4.8.0-202201261123.p0.gef8ad45.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-metering-presto@sha256:cd1d23fd5dff2a78fba377fbb3b1c63d922877af09f17e1c1f898eeaa4891c03_amd64", "product": { "name": "openshift4/ose-metering-presto@sha256:cd1d23fd5dff2a78fba377fbb3b1c63d922877af09f17e1c1f898eeaa4891c03_amd64", "product_id": "openshift4/ose-metering-presto@sha256:cd1d23fd5dff2a78fba377fbb3b1c63d922877af09f17e1c1f898eeaa4891c03_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-metering-presto@sha256:cd1d23fd5dff2a78fba377fbb3b1c63d922877af09f17e1c1f898eeaa4891c03?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-metering-presto\u0026tag=v4.8.0-202201271626.p0.gf1abc62.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ptp-must-gather-rhel8@sha256:7e7c5e847bec122955563c7c2ed9de3d798155ea77ad13c528fdc173b817e811_amd64", "product": { "name": "openshift4/ptp-must-gather-rhel8@sha256:7e7c5e847bec122955563c7c2ed9de3d798155ea77ad13c528fdc173b817e811_amd64", "product_id": "openshift4/ptp-must-gather-rhel8@sha256:7e7c5e847bec122955563c7c2ed9de3d798155ea77ad13c528fdc173b817e811_amd64", "product_identification_helper": { "purl": "pkg:oci/ptp-must-gather-rhel8@sha256:7e7c5e847bec122955563c7c2ed9de3d798155ea77ad13c528fdc173b817e811?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ptp-must-gather-rhel8\u0026tag=v4.8.0-202201261123.p0.gd71faa4.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-sriov-cni@sha256:128e08b126309830bece2d61b1095318a44fdb6437a1264a98922b92a9b56339_amd64", "product": { "name": "openshift4/ose-sriov-cni@sha256:128e08b126309830bece2d61b1095318a44fdb6437a1264a98922b92a9b56339_amd64", "product_id": "openshift4/ose-sriov-cni@sha256:128e08b126309830bece2d61b1095318a44fdb6437a1264a98922b92a9b56339_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-sriov-cni@sha256:128e08b126309830bece2d61b1095318a44fdb6437a1264a98922b92a9b56339?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-cni\u0026tag=v4.8.0-202201261123.p0.gcc1edca.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-sriov-dp-admission-controller@sha256:3740692124ba1131c412665eb689db7d1fc90bc96df32905efa4c81295834a1d_amd64", "product": { "name": "openshift4/ose-sriov-dp-admission-controller@sha256:3740692124ba1131c412665eb689db7d1fc90bc96df32905efa4c81295834a1d_amd64", "product_id": "openshift4/ose-sriov-dp-admission-controller@sha256:3740692124ba1131c412665eb689db7d1fc90bc96df32905efa4c81295834a1d_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-sriov-dp-admission-controller@sha256:3740692124ba1131c412665eb689db7d1fc90bc96df32905efa4c81295834a1d?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-dp-admission-controller\u0026tag=v4.8.0-202201261123.p0.gd34636e.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-sriov-network-config-daemon@sha256:e2210baeb0be9422275445e978f4f2ca2813476f0fdc39b239b9edb4add588a0_amd64", "product": { "name": "openshift4/ose-sriov-network-config-daemon@sha256:e2210baeb0be9422275445e978f4f2ca2813476f0fdc39b239b9edb4add588a0_amd64", "product_id": "openshift4/ose-sriov-network-config-daemon@sha256:e2210baeb0be9422275445e978f4f2ca2813476f0fdc39b239b9edb4add588a0_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-sriov-network-config-daemon@sha256:e2210baeb0be9422275445e978f4f2ca2813476f0fdc39b239b9edb4add588a0?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-network-config-daemon\u0026tag=v4.8.0-202201261123.p0.g6ad9128.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-sriov-network-device-plugin@sha256:7165575c0b49cf25bdafbb7390199d2a957322147fadfdce1401afc10dfcb37d_amd64", "product": { "name": "openshift4/ose-sriov-network-device-plugin@sha256:7165575c0b49cf25bdafbb7390199d2a957322147fadfdce1401afc10dfcb37d_amd64", "product_id": "openshift4/ose-sriov-network-device-plugin@sha256:7165575c0b49cf25bdafbb7390199d2a957322147fadfdce1401afc10dfcb37d_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-sriov-network-device-plugin@sha256:7165575c0b49cf25bdafbb7390199d2a957322147fadfdce1401afc10dfcb37d?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-network-device-plugin\u0026tag=v4.8.0-202201261123.p0.g83bc63d.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-sriov-operator-must-gather@sha256:e8dc9605891487bf743f20225f2bff4add607946d9b97da24f06bc0a3a5c4b6d_amd64", "product": { "name": "openshift4/ose-sriov-operator-must-gather@sha256:e8dc9605891487bf743f20225f2bff4add607946d9b97da24f06bc0a3a5c4b6d_amd64", "product_id": "openshift4/ose-sriov-operator-must-gather@sha256:e8dc9605891487bf743f20225f2bff4add607946d9b97da24f06bc0a3a5c4b6d_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-sriov-operator-must-gather@sha256:e8dc9605891487bf743f20225f2bff4add607946d9b97da24f06bc0a3a5c4b6d?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-operator-must-gather\u0026tag=v4.8.0-202201261123.p0.g6ad9128.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-sriov-network-operator@sha256:53bd17fd25accba8ed846c3906bfc140851c43cab9e599103a6df559d89b8323_amd64", "product": { "name": "openshift4/ose-sriov-network-operator@sha256:53bd17fd25accba8ed846c3906bfc140851c43cab9e599103a6df559d89b8323_amd64", "product_id": "openshift4/ose-sriov-network-operator@sha256:53bd17fd25accba8ed846c3906bfc140851c43cab9e599103a6df559d89b8323_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-sriov-network-operator@sha256:53bd17fd25accba8ed846c3906bfc140851c43cab9e599103a6df559d89b8323?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-network-operator\u0026tag=v4.8.0-202201261123.p0.g6ad9128.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-sriov-network-webhook@sha256:e86bcdbfd6ac7e6cfb846d5a639a32f87f5500230044a8c299c28cfce1850f54_amd64", "product": { "name": "openshift4/ose-sriov-network-webhook@sha256:e86bcdbfd6ac7e6cfb846d5a639a32f87f5500230044a8c299c28cfce1850f54_amd64", "product_id": "openshift4/ose-sriov-network-webhook@sha256:e86bcdbfd6ac7e6cfb846d5a639a32f87f5500230044a8c299c28cfce1850f54_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-sriov-network-webhook@sha256:e86bcdbfd6ac7e6cfb846d5a639a32f87f5500230044a8c299c28cfce1850f54?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-network-webhook\u0026tag=v4.8.0-202201261123.p0.g6ad9128.assembly.stream" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "openshift4/ose-descheduler@sha256:b5ad38974bb046acc284d81615f89be45cc88ee94dd202715a84048ff666de39_ppc64le", "product": { "name": "openshift4/ose-descheduler@sha256:b5ad38974bb046acc284d81615f89be45cc88ee94dd202715a84048ff666de39_ppc64le", "product_id": "openshift4/ose-descheduler@sha256:b5ad38974bb046acc284d81615f89be45cc88ee94dd202715a84048ff666de39_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-descheduler@sha256:b5ad38974bb046acc284d81615f89be45cc88ee94dd202715a84048ff666de39?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-descheduler\u0026tag=v4.8.0-202201261123.p0.g37691a4.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-node-problem-detector-rhel8@sha256:05c5fff8726da0dbd9270314bf227eda559969e5abcbabd25078fa7e4f1e99eb_ppc64le", "product": { "name": "openshift4/ose-node-problem-detector-rhel8@sha256:05c5fff8726da0dbd9270314bf227eda559969e5abcbabd25078fa7e4f1e99eb_ppc64le", "product_id": "openshift4/ose-node-problem-detector-rhel8@sha256:05c5fff8726da0dbd9270314bf227eda559969e5abcbabd25078fa7e4f1e99eb_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-node-problem-detector-rhel8@sha256:05c5fff8726da0dbd9270314bf227eda559969e5abcbabd25078fa7e4f1e99eb?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-node-problem-detector-rhel8\u0026tag=v4.8.0-202201261123.p0.g8e44437.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-cluster-nfd-operator@sha256:69325720dac7c66e759da3a932d6d11694b446809a2acd705bcd010662f119ac_ppc64le", "product": { "name": "openshift4/ose-cluster-nfd-operator@sha256:69325720dac7c66e759da3a932d6d11694b446809a2acd705bcd010662f119ac_ppc64le", "product_id": "openshift4/ose-cluster-nfd-operator@sha256:69325720dac7c66e759da3a932d6d11694b446809a2acd705bcd010662f119ac_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-cluster-nfd-operator@sha256:69325720dac7c66e759da3a932d6d11694b446809a2acd705bcd010662f119ac?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-cluster-nfd-operator\u0026tag=v4.8.0-202201261123.p0.gb9eec62.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-sriov-infiniband-cni@sha256:d3a01146298d996f4d5cc8114cb31c38fc332bbaa6056dbbc0c06580033df02f_ppc64le", "product": { "name": "openshift4/ose-sriov-infiniband-cni@sha256:d3a01146298d996f4d5cc8114cb31c38fc332bbaa6056dbbc0c06580033df02f_ppc64le", "product_id": "openshift4/ose-sriov-infiniband-cni@sha256:d3a01146298d996f4d5cc8114cb31c38fc332bbaa6056dbbc0c06580033df02f_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-sriov-infiniband-cni@sha256:d3a01146298d996f4d5cc8114cb31c38fc332bbaa6056dbbc0c06580033df02f?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-infiniband-cni\u0026tag=v4.8.0-202201261123.p0.g9edcb7c.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-local-storage-diskmaker@sha256:5e7b1da76d30b757db38feef9ac254d1e36b04fe8d6ffab13ba147d0cff88974_ppc64le", "product": { "name": "openshift4/ose-local-storage-diskmaker@sha256:5e7b1da76d30b757db38feef9ac254d1e36b04fe8d6ffab13ba147d0cff88974_ppc64le", "product_id": "openshift4/ose-local-storage-diskmaker@sha256:5e7b1da76d30b757db38feef9ac254d1e36b04fe8d6ffab13ba147d0cff88974_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-local-storage-diskmaker@sha256:5e7b1da76d30b757db38feef9ac254d1e36b04fe8d6ffab13ba147d0cff88974?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-local-storage-diskmaker\u0026tag=v4.8.0-202202070834.p0.g7887ed0.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-local-storage-operator@sha256:1867e7f843577448af26b84cdfb7489b295c5db3eb0faa1eac334b491bf96848_ppc64le", "product": { "name": "openshift4/ose-local-storage-operator@sha256:1867e7f843577448af26b84cdfb7489b295c5db3eb0faa1eac334b491bf96848_ppc64le", "product_id": "openshift4/ose-local-storage-operator@sha256:1867e7f843577448af26b84cdfb7489b295c5db3eb0faa1eac334b491bf96848_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-local-storage-operator@sha256:1867e7f843577448af26b84cdfb7489b295c5db3eb0faa1eac334b491bf96848?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-local-storage-operator\u0026tag=v4.8.0-202202070834.p0.g7887ed0.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-local-storage-static-provisioner@sha256:030c266a9d55bd63d837fae36a1550a2607e684e8ccfd78fb229b2a028d8897f_ppc64le", "product": { "name": "openshift4/ose-local-storage-static-provisioner@sha256:030c266a9d55bd63d837fae36a1550a2607e684e8ccfd78fb229b2a028d8897f_ppc64le", "product_id": "openshift4/ose-local-storage-static-provisioner@sha256:030c266a9d55bd63d837fae36a1550a2607e684e8ccfd78fb229b2a028d8897f_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-local-storage-static-provisioner@sha256:030c266a9d55bd63d837fae36a1550a2607e684e8ccfd78fb229b2a028d8897f?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-local-storage-static-provisioner\u0026tag=v4.8.0-202201261123.p0.ga829a11.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-node-feature-discovery@sha256:6db511807c1e544de32eb9baba909766c53eac4a721852420c6aabc8de4b8684_ppc64le", "product": { "name": "openshift4/ose-node-feature-discovery@sha256:6db511807c1e544de32eb9baba909766c53eac4a721852420c6aabc8de4b8684_ppc64le", "product_id": "openshift4/ose-node-feature-discovery@sha256:6db511807c1e544de32eb9baba909766c53eac4a721852420c6aabc8de4b8684_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-node-feature-discovery@sha256:6db511807c1e544de32eb9baba909766c53eac4a721852420c6aabc8de4b8684?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-node-feature-discovery\u0026tag=v4.8.0-202201261123.p0.ga531700.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-ansible-operator@sha256:16268bec56efd542c49bdd5ce8934d7edfe81ee2e11f716bfba09afda1096ccd_ppc64le", "product": { "name": "openshift4/ose-ansible-operator@sha256:16268bec56efd542c49bdd5ce8934d7edfe81ee2e11f716bfba09afda1096ccd_ppc64le", "product_id": "openshift4/ose-ansible-operator@sha256:16268bec56efd542c49bdd5ce8934d7edfe81ee2e11f716bfba09afda1096ccd_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-ansible-operator@sha256:16268bec56efd542c49bdd5ce8934d7edfe81ee2e11f716bfba09afda1096ccd?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-ansible-operator\u0026tag=v4.8.0-202201261123.p0.gb35596f.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-cluster-capacity@sha256:29eb94fd8e5cf6bd471ed30b0cd1d7f647588c14c93a148f8f332cd21ee94542_ppc64le", "product": { "name": "openshift4/ose-cluster-capacity@sha256:29eb94fd8e5cf6bd471ed30b0cd1d7f647588c14c93a148f8f332cd21ee94542_ppc64le", "product_id": "openshift4/ose-cluster-capacity@sha256:29eb94fd8e5cf6bd471ed30b0cd1d7f647588c14c93a148f8f332cd21ee94542_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-cluster-capacity@sha256:29eb94fd8e5cf6bd471ed30b0cd1d7f647588c14c93a148f8f332cd21ee94542?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-cluster-capacity\u0026tag=v4.8.0-202201261123.p0.g44c178f.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-egress-dns-proxy@sha256:45e93e144f0401c1b18a98864544e8e57439a5aae0937796a52cfbb5b5657620_ppc64le", "product": { "name": "openshift4/ose-egress-dns-proxy@sha256:45e93e144f0401c1b18a98864544e8e57439a5aae0937796a52cfbb5b5657620_ppc64le", "product_id": "openshift4/ose-egress-dns-proxy@sha256:45e93e144f0401c1b18a98864544e8e57439a5aae0937796a52cfbb5b5657620_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-egress-dns-proxy@sha256:45e93e144f0401c1b18a98864544e8e57439a5aae0937796a52cfbb5b5657620?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-egress-dns-proxy\u0026tag=v4.8.0-202201261123.p0.gad38e11.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-egress-router@sha256:4b3083b15eb27c5f3359498c3d76eab277f55264b1d1f50a560176e2cf471bde_ppc64le", "product": { "name": "openshift4/ose-egress-router@sha256:4b3083b15eb27c5f3359498c3d76eab277f55264b1d1f50a560176e2cf471bde_ppc64le", "product_id": "openshift4/ose-egress-router@sha256:4b3083b15eb27c5f3359498c3d76eab277f55264b1d1f50a560176e2cf471bde_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-egress-router@sha256:4b3083b15eb27c5f3359498c3d76eab277f55264b1d1f50a560176e2cf471bde?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-egress-router\u0026tag=v4.8.0-202201261123.p0.gad38e11.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-helm-operator@sha256:2da0cd361bc6553072e88c8360dcf6d892ca6c3d34c98bdfa611105559373e98_ppc64le", "product": { "name": "openshift4/ose-helm-operator@sha256:2da0cd361bc6553072e88c8360dcf6d892ca6c3d34c98bdfa611105559373e98_ppc64le", "product_id": "openshift4/ose-helm-operator@sha256:2da0cd361bc6553072e88c8360dcf6d892ca6c3d34c98bdfa611105559373e98_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-helm-operator@sha256:2da0cd361bc6553072e88c8360dcf6d892ca6c3d34c98bdfa611105559373e98?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-helm-operator\u0026tag=v4.8.0-202201261123.p0.gb35596f.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-operator-sdk-rhel8@sha256:16080cfd97370db5530d0e58f87bfc2c9c784c2536ce3adc6a159f7ab9575ac9_ppc64le", "product": { "name": "openshift4/ose-operator-sdk-rhel8@sha256:16080cfd97370db5530d0e58f87bfc2c9c784c2536ce3adc6a159f7ab9575ac9_ppc64le", "product_id": "openshift4/ose-operator-sdk-rhel8@sha256:16080cfd97370db5530d0e58f87bfc2c9c784c2536ce3adc6a159f7ab9575ac9_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-operator-sdk-rhel8@sha256:16080cfd97370db5530d0e58f87bfc2c9c784c2536ce3adc6a159f7ab9575ac9?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-operator-sdk-rhel8\u0026tag=v4.8.0-202201261123.p0.gb35596f.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-service-idler-rhel8@sha256:748ff477aab34a52314b3a25c8bc7af0b79938e33c5b0b03d63c2be288884556_ppc64le", "product": { "name": "openshift4/ose-service-idler-rhel8@sha256:748ff477aab34a52314b3a25c8bc7af0b79938e33c5b0b03d63c2be288884556_ppc64le", "product_id": "openshift4/ose-service-idler-rhel8@sha256:748ff477aab34a52314b3a25c8bc7af0b79938e33c5b0b03d63c2be288884556_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-service-idler-rhel8@sha256:748ff477aab34a52314b3a25c8bc7af0b79938e33c5b0b03d63c2be288884556?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-service-idler-rhel8\u0026tag=v4.8.0-202201261123.p0.g39cfc66.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:6df1c3e3f99b59c1dcc1ba4bc50aef9638ec28eeb4a358316b6b5c5eb9ce1c1a_ppc64le", "product": { "name": "openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:6df1c3e3f99b59c1dcc1ba4bc50aef9638ec28eeb4a358316b6b5c5eb9ce1c1a_ppc64le", "product_id": "openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:6df1c3e3f99b59c1dcc1ba4bc50aef9638ec28eeb4a358316b6b5c5eb9ce1c1a_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-kubernetes-nmstate-handler-rhel8@sha256:6df1c3e3f99b59c1dcc1ba4bc50aef9638ec28eeb4a358316b6b5c5eb9ce1c1a?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-kubernetes-nmstate-handler-rhel8\u0026tag=v4.8.0-202201261123.p0.g458be7e.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-cluster-kube-descheduler-operator@sha256:7de02a3794875b503787352cc1ba1774ca2bc48e717668323b135f2b4d03bab2_ppc64le", "product": { "name": "openshift4/ose-cluster-kube-descheduler-operator@sha256:7de02a3794875b503787352cc1ba1774ca2bc48e717668323b135f2b4d03bab2_ppc64le", "product_id": "openshift4/ose-cluster-kube-descheduler-operator@sha256:7de02a3794875b503787352cc1ba1774ca2bc48e717668323b135f2b4d03bab2_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-cluster-kube-descheduler-operator@sha256:7de02a3794875b503787352cc1ba1774ca2bc48e717668323b135f2b4d03bab2?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-cluster-kube-descheduler-operator\u0026tag=v4.8.0-202201261123.p0.g1af4c42.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:7de02a3794875b503787352cc1ba1774ca2bc48e717668323b135f2b4d03bab2_ppc64le", "product": { "name": "openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:7de02a3794875b503787352cc1ba1774ca2bc48e717668323b135f2b4d03bab2_ppc64le", "product_id": "openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:7de02a3794875b503787352cc1ba1774ca2bc48e717668323b135f2b4d03bab2_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-cluster-kube-descheduler-rhel8-operator@sha256:7de02a3794875b503787352cc1ba1774ca2bc48e717668323b135f2b4d03bab2?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-cluster-kube-descheduler-rhel8-operator\u0026tag=v4.8.0-202201261123.p0.g1af4c42.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-clusterresourceoverride-rhel8@sha256:4361d04e51268ebc0048167a60b69b789b9e4158e819979a2996fc2a79a0183e_ppc64le", "product": { "name": "openshift4/ose-clusterresourceoverride-rhel8@sha256:4361d04e51268ebc0048167a60b69b789b9e4158e819979a2996fc2a79a0183e_ppc64le", "product_id": "openshift4/ose-clusterresourceoverride-rhel8@sha256:4361d04e51268ebc0048167a60b69b789b9e4158e819979a2996fc2a79a0183e_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-clusterresourceoverride-rhel8@sha256:4361d04e51268ebc0048167a60b69b789b9e4158e819979a2996fc2a79a0183e?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-clusterresourceoverride-rhel8\u0026tag=v4.8.0-202201261123.p0.g2a9f548.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:e78a6496a8fe3bf67a1575cab28d8f9829ff2c9506cec53dc28cd08f1382641a_ppc64le", "product": { "name": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:e78a6496a8fe3bf67a1575cab28d8f9829ff2c9506cec53dc28cd08f1382641a_ppc64le", "product_id": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:e78a6496a8fe3bf67a1575cab28d8f9829ff2c9506cec53dc28cd08f1382641a_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-clusterresourceoverride-rhel8-operator@sha256:e78a6496a8fe3bf67a1575cab28d8f9829ff2c9506cec53dc28cd08f1382641a?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-clusterresourceoverride-rhel8-operator\u0026tag=v4.8.0-202201261123.p0.gfcdcef8.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-egress-http-proxy@sha256:cef6c19c4b400e88a5231b626970ca205af002ae004f0e40c2bb5b3281abb44b_ppc64le", "product": { "name": "openshift4/ose-egress-http-proxy@sha256:cef6c19c4b400e88a5231b626970ca205af002ae004f0e40c2bb5b3281abb44b_ppc64le", "product_id": "openshift4/ose-egress-http-proxy@sha256:cef6c19c4b400e88a5231b626970ca205af002ae004f0e40c2bb5b3281abb44b_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-egress-http-proxy@sha256:cef6c19c4b400e88a5231b626970ca205af002ae004f0e40c2bb5b3281abb44b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-egress-http-proxy\u0026tag=v4.8.0-202201261123.p0.gad38e11.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/kubernetes-nmstate-rhel8-operator@sha256:04af6b907f56fe1255345a4d5dd23908e6fe51b63da2d86812f0301f97b8abe8_ppc64le", "product": { "name": "openshift4/kubernetes-nmstate-rhel8-operator@sha256:04af6b907f56fe1255345a4d5dd23908e6fe51b63da2d86812f0301f97b8abe8_ppc64le", "product_id": "openshift4/kubernetes-nmstate-rhel8-operator@sha256:04af6b907f56fe1255345a4d5dd23908e6fe51b63da2d86812f0301f97b8abe8_ppc64le", "product_identification_helper": { "purl": "pkg:oci/kubernetes-nmstate-rhel8-operator@sha256:04af6b907f56fe1255345a4d5dd23908e6fe51b63da2d86812f0301f97b8abe8?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/kubernetes-nmstate-rhel8-operator\u0026tag=v4.8.0-202201261123.p0.g458be7e.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-ptp@sha256:b72f280d30c133785e64681fbc8c9464c1d495815d066947a8904b6a1eac7554_ppc64le", "product": { "name": "openshift4/ose-ptp@sha256:b72f280d30c133785e64681fbc8c9464c1d495815d066947a8904b6a1eac7554_ppc64le", "product_id": "openshift4/ose-ptp@sha256:b72f280d30c133785e64681fbc8c9464c1d495815d066947a8904b6a1eac7554_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-ptp@sha256:b72f280d30c133785e64681fbc8c9464c1d495815d066947a8904b6a1eac7554?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-ptp\u0026tag=v4.8.0-202201261123.p0.g2ae5850.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-local-storage-mustgather-rhel8@sha256:b83bc8b9652ca1d2ff55733ba68f8eaca1542e5318b6860935d12244b240a3f2_ppc64le", "product": { "name": "openshift4/ose-local-storage-mustgather-rhel8@sha256:b83bc8b9652ca1d2ff55733ba68f8eaca1542e5318b6860935d12244b240a3f2_ppc64le", "product_id": "openshift4/ose-local-storage-mustgather-rhel8@sha256:b83bc8b9652ca1d2ff55733ba68f8eaca1542e5318b6860935d12244b240a3f2_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-local-storage-mustgather-rhel8@sha256:b83bc8b9652ca1d2ff55733ba68f8eaca1542e5318b6860935d12244b240a3f2?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-local-storage-mustgather-rhel8\u0026tag=v4.8.0-202202071729.p0.g7887ed0.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-metering-helm-container-rhel8@sha256:687162ae42b470a8fcfa409380f335265fe608bac5d3bc9511046cf4640f5017_ppc64le", "product": { "name": "openshift4/ose-metering-helm-container-rhel8@sha256:687162ae42b470a8fcfa409380f335265fe608bac5d3bc9511046cf4640f5017_ppc64le", "product_id": "openshift4/ose-metering-helm-container-rhel8@sha256:687162ae42b470a8fcfa409380f335265fe608bac5d3bc9511046cf4640f5017_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-metering-helm-container-rhel8@sha256:687162ae42b470a8fcfa409380f335265fe608bac5d3bc9511046cf4640f5017?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-metering-helm-container-rhel8\u0026tag=v4.8.0-202201261123.p0.g8aaede2.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-ptp-operator@sha256:4217ce881595e87ceab2fa0cf973b0fc991e0ebf73f6d5b267aaaecc3a03ad88_ppc64le", "product": { "name": "openshift4/ose-ptp-operator@sha256:4217ce881595e87ceab2fa0cf973b0fc991e0ebf73f6d5b267aaaecc3a03ad88_ppc64le", "product_id": "openshift4/ose-ptp-operator@sha256:4217ce881595e87ceab2fa0cf973b0fc991e0ebf73f6d5b267aaaecc3a03ad88_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-ptp-operator@sha256:4217ce881595e87ceab2fa0cf973b0fc991e0ebf73f6d5b267aaaecc3a03ad88?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-ptp-operator\u0026tag=v4.8.0-202201261123.p0.gd71faa4.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:a2ec2c2c86e2dbc1471758f25942d74489bf011bcc905d4e27edb38f57835ac3_ppc64le", "product": { "name": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:a2ec2c2c86e2dbc1471758f25942d74489bf011bcc905d4e27edb38f57835ac3_ppc64le", "product_id": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:a2ec2c2c86e2dbc1471758f25942d74489bf011bcc905d4e27edb38f57835ac3_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-vertical-pod-autoscaler-rhel8@sha256:a2ec2c2c86e2dbc1471758f25942d74489bf011bcc905d4e27edb38f57835ac3?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-vertical-pod-autoscaler-rhel8\u0026tag=v4.8.0-202201261123.p0.g7bbde4c.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:9e1d1bf31fa04b05b46e04cb564361ae8387fa06da5ec019a475a11ef7ff9358_ppc64le", "product": { "name": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:9e1d1bf31fa04b05b46e04cb564361ae8387fa06da5ec019a475a11ef7ff9358_ppc64le", "product_id": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:9e1d1bf31fa04b05b46e04cb564361ae8387fa06da5ec019a475a11ef7ff9358_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-vertical-pod-autoscaler-rhel8-operator@sha256:9e1d1bf31fa04b05b46e04cb564361ae8387fa06da5ec019a475a11ef7ff9358?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-vertical-pod-autoscaler-rhel8-operator\u0026tag=v4.8.0-202201261123.p0.gef8ad45.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ptp-must-gather-rhel8@sha256:94572c353a049edb1ebc935a73a15e78ef399b9f15f3bb9b8bf376f1b37dff87_ppc64le", "product": { "name": "openshift4/ptp-must-gather-rhel8@sha256:94572c353a049edb1ebc935a73a15e78ef399b9f15f3bb9b8bf376f1b37dff87_ppc64le", "product_id": "openshift4/ptp-must-gather-rhel8@sha256:94572c353a049edb1ebc935a73a15e78ef399b9f15f3bb9b8bf376f1b37dff87_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ptp-must-gather-rhel8@sha256:94572c353a049edb1ebc935a73a15e78ef399b9f15f3bb9b8bf376f1b37dff87?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ptp-must-gather-rhel8\u0026tag=v4.8.0-202201261123.p0.gd71faa4.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-sriov-cni@sha256:4ead46ef89a7fc3c96a27426f1594f9403abe2d149f1a06f4e8c23a1435793a0_ppc64le", "product": { "name": "openshift4/ose-sriov-cni@sha256:4ead46ef89a7fc3c96a27426f1594f9403abe2d149f1a06f4e8c23a1435793a0_ppc64le", "product_id": "openshift4/ose-sriov-cni@sha256:4ead46ef89a7fc3c96a27426f1594f9403abe2d149f1a06f4e8c23a1435793a0_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-sriov-cni@sha256:4ead46ef89a7fc3c96a27426f1594f9403abe2d149f1a06f4e8c23a1435793a0?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-cni\u0026tag=v4.8.0-202201261123.p0.gcc1edca.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-sriov-dp-admission-controller@sha256:92fdeb3673145a77ff34decadc8a406cd05ce83afbbc848821717d2bc127f4db_ppc64le", "product": { "name": "openshift4/ose-sriov-dp-admission-controller@sha256:92fdeb3673145a77ff34decadc8a406cd05ce83afbbc848821717d2bc127f4db_ppc64le", "product_id": "openshift4/ose-sriov-dp-admission-controller@sha256:92fdeb3673145a77ff34decadc8a406cd05ce83afbbc848821717d2bc127f4db_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-sriov-dp-admission-controller@sha256:92fdeb3673145a77ff34decadc8a406cd05ce83afbbc848821717d2bc127f4db?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-dp-admission-controller\u0026tag=v4.8.0-202201261123.p0.gd34636e.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-sriov-network-config-daemon@sha256:5d684abc03e26dd161328261d5c4c05f18afb91b92bb2e9e3934f371f7ae5e9c_ppc64le", "product": { "name": "openshift4/ose-sriov-network-config-daemon@sha256:5d684abc03e26dd161328261d5c4c05f18afb91b92bb2e9e3934f371f7ae5e9c_ppc64le", "product_id": "openshift4/ose-sriov-network-config-daemon@sha256:5d684abc03e26dd161328261d5c4c05f18afb91b92bb2e9e3934f371f7ae5e9c_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-sriov-network-config-daemon@sha256:5d684abc03e26dd161328261d5c4c05f18afb91b92bb2e9e3934f371f7ae5e9c?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-network-config-daemon\u0026tag=v4.8.0-202201261123.p0.g6ad9128.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-sriov-network-device-plugin@sha256:f54ddc9b51cc0878cb4771c8b55bee97ed02b003395f19ef9500c91cceccf134_ppc64le", "product": { "name": "openshift4/ose-sriov-network-device-plugin@sha256:f54ddc9b51cc0878cb4771c8b55bee97ed02b003395f19ef9500c91cceccf134_ppc64le", "product_id": "openshift4/ose-sriov-network-device-plugin@sha256:f54ddc9b51cc0878cb4771c8b55bee97ed02b003395f19ef9500c91cceccf134_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-sriov-network-device-plugin@sha256:f54ddc9b51cc0878cb4771c8b55bee97ed02b003395f19ef9500c91cceccf134?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-network-device-plugin\u0026tag=v4.8.0-202201261123.p0.g83bc63d.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-sriov-operator-must-gather@sha256:92b3d9d0f17b66c8856e795745282d0cc856cd2c8bf66dfa3beb9b0675fa5e1d_ppc64le", "product": { "name": "openshift4/ose-sriov-operator-must-gather@sha256:92b3d9d0f17b66c8856e795745282d0cc856cd2c8bf66dfa3beb9b0675fa5e1d_ppc64le", "product_id": "openshift4/ose-sriov-operator-must-gather@sha256:92b3d9d0f17b66c8856e795745282d0cc856cd2c8bf66dfa3beb9b0675fa5e1d_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-sriov-operator-must-gather@sha256:92b3d9d0f17b66c8856e795745282d0cc856cd2c8bf66dfa3beb9b0675fa5e1d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-operator-must-gather\u0026tag=v4.8.0-202201261123.p0.g6ad9128.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-sriov-network-operator@sha256:66ad156d2d59b0d47cedc94b9118e6e1107325ab5ba44375613f892d64d09956_ppc64le", "product": { "name": "openshift4/ose-sriov-network-operator@sha256:66ad156d2d59b0d47cedc94b9118e6e1107325ab5ba44375613f892d64d09956_ppc64le", "product_id": "openshift4/ose-sriov-network-operator@sha256:66ad156d2d59b0d47cedc94b9118e6e1107325ab5ba44375613f892d64d09956_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-sriov-network-operator@sha256:66ad156d2d59b0d47cedc94b9118e6e1107325ab5ba44375613f892d64d09956?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-network-operator\u0026tag=v4.8.0-202201261123.p0.g6ad9128.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-sriov-network-webhook@sha256:3e648c0a96ae8024e5443782eb2afe8e3a2c716ee9dd20263fe3cad2d4c293dd_ppc64le", "product": { "name": "openshift4/ose-sriov-network-webhook@sha256:3e648c0a96ae8024e5443782eb2afe8e3a2c716ee9dd20263fe3cad2d4c293dd_ppc64le", "product_id": "openshift4/ose-sriov-network-webhook@sha256:3e648c0a96ae8024e5443782eb2afe8e3a2c716ee9dd20263fe3cad2d4c293dd_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-sriov-network-webhook@sha256:3e648c0a96ae8024e5443782eb2afe8e3a2c716ee9dd20263fe3cad2d4c293dd?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-network-webhook\u0026tag=v4.8.0-202201261123.p0.g6ad9128.assembly.stream" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "openshift4/ose-descheduler@sha256:4f9de0b544a418c728d7921b031268687b315273256b1b964de87602b552f559_s390x", "product": { "name": "openshift4/ose-descheduler@sha256:4f9de0b544a418c728d7921b031268687b315273256b1b964de87602b552f559_s390x", "product_id": "openshift4/ose-descheduler@sha256:4f9de0b544a418c728d7921b031268687b315273256b1b964de87602b552f559_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-descheduler@sha256:4f9de0b544a418c728d7921b031268687b315273256b1b964de87602b552f559?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-descheduler\u0026tag=v4.8.0-202201261123.p0.g37691a4.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-node-problem-detector-rhel8@sha256:5244cc96a46219c5ba7c1c52fd52c5c8a70d6534567caa47f01ed7fbc9a8e4e8_s390x", "product": { "name": "openshift4/ose-node-problem-detector-rhel8@sha256:5244cc96a46219c5ba7c1c52fd52c5c8a70d6534567caa47f01ed7fbc9a8e4e8_s390x", "product_id": "openshift4/ose-node-problem-detector-rhel8@sha256:5244cc96a46219c5ba7c1c52fd52c5c8a70d6534567caa47f01ed7fbc9a8e4e8_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-node-problem-detector-rhel8@sha256:5244cc96a46219c5ba7c1c52fd52c5c8a70d6534567caa47f01ed7fbc9a8e4e8?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-node-problem-detector-rhel8\u0026tag=v4.8.0-202201261123.p0.g8e44437.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-cluster-nfd-operator@sha256:050f5694076ad7712ea486db9c3a6da60f14a6bcdefb93f09ae5a5d0d2350216_s390x", "product": { "name": "openshift4/ose-cluster-nfd-operator@sha256:050f5694076ad7712ea486db9c3a6da60f14a6bcdefb93f09ae5a5d0d2350216_s390x", "product_id": "openshift4/ose-cluster-nfd-operator@sha256:050f5694076ad7712ea486db9c3a6da60f14a6bcdefb93f09ae5a5d0d2350216_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-cluster-nfd-operator@sha256:050f5694076ad7712ea486db9c3a6da60f14a6bcdefb93f09ae5a5d0d2350216?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-cluster-nfd-operator\u0026tag=v4.8.0-202201261123.p0.gb9eec62.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-sriov-infiniband-cni@sha256:4419994e773ba864245ad4763cecd5383e1782cf81f53977580ed5c70581a2a1_s390x", "product": { "name": "openshift4/ose-sriov-infiniband-cni@sha256:4419994e773ba864245ad4763cecd5383e1782cf81f53977580ed5c70581a2a1_s390x", "product_id": "openshift4/ose-sriov-infiniband-cni@sha256:4419994e773ba864245ad4763cecd5383e1782cf81f53977580ed5c70581a2a1_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-sriov-infiniband-cni@sha256:4419994e773ba864245ad4763cecd5383e1782cf81f53977580ed5c70581a2a1?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-infiniband-cni\u0026tag=v4.8.0-202201261123.p0.g9edcb7c.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-local-storage-diskmaker@sha256:4fb057e9824cccd554b9295e8c1b4cfc16ffb3eecc2211fa1e1a312f7a79c949_s390x", "product": { "name": "openshift4/ose-local-storage-diskmaker@sha256:4fb057e9824cccd554b9295e8c1b4cfc16ffb3eecc2211fa1e1a312f7a79c949_s390x", "product_id": "openshift4/ose-local-storage-diskmaker@sha256:4fb057e9824cccd554b9295e8c1b4cfc16ffb3eecc2211fa1e1a312f7a79c949_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-local-storage-diskmaker@sha256:4fb057e9824cccd554b9295e8c1b4cfc16ffb3eecc2211fa1e1a312f7a79c949?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-local-storage-diskmaker\u0026tag=v4.8.0-202202070834.p0.g7887ed0.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-local-storage-operator@sha256:b0ca8c3ea4511b5255ef9638f01fefaa6f2e93400a0409360c81d26e8ef8f493_s390x", "product": { "name": "openshift4/ose-local-storage-operator@sha256:b0ca8c3ea4511b5255ef9638f01fefaa6f2e93400a0409360c81d26e8ef8f493_s390x", "product_id": "openshift4/ose-local-storage-operator@sha256:b0ca8c3ea4511b5255ef9638f01fefaa6f2e93400a0409360c81d26e8ef8f493_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-local-storage-operator@sha256:b0ca8c3ea4511b5255ef9638f01fefaa6f2e93400a0409360c81d26e8ef8f493?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-local-storage-operator\u0026tag=v4.8.0-202202070834.p0.g7887ed0.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-local-storage-static-provisioner@sha256:2365ccb37a8f91f4ce8c0681e304f98f9468ccd3e7e9cb6bfe7e7179cdad9998_s390x", "product": { "name": "openshift4/ose-local-storage-static-provisioner@sha256:2365ccb37a8f91f4ce8c0681e304f98f9468ccd3e7e9cb6bfe7e7179cdad9998_s390x", "product_id": "openshift4/ose-local-storage-static-provisioner@sha256:2365ccb37a8f91f4ce8c0681e304f98f9468ccd3e7e9cb6bfe7e7179cdad9998_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-local-storage-static-provisioner@sha256:2365ccb37a8f91f4ce8c0681e304f98f9468ccd3e7e9cb6bfe7e7179cdad9998?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-local-storage-static-provisioner\u0026tag=v4.8.0-202201261123.p0.ga829a11.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-node-feature-discovery@sha256:a2c9410fb28d810e26166c6d07af2885e4ac88ec73d95bf152da6e26e00f8086_s390x", "product": { "name": "openshift4/ose-node-feature-discovery@sha256:a2c9410fb28d810e26166c6d07af2885e4ac88ec73d95bf152da6e26e00f8086_s390x", "product_id": "openshift4/ose-node-feature-discovery@sha256:a2c9410fb28d810e26166c6d07af2885e4ac88ec73d95bf152da6e26e00f8086_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-node-feature-discovery@sha256:a2c9410fb28d810e26166c6d07af2885e4ac88ec73d95bf152da6e26e00f8086?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-node-feature-discovery\u0026tag=v4.8.0-202201261123.p0.ga531700.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-ansible-operator@sha256:678e89a0851566628a99981a5e395fc2a88936e5f1552a7f205e0c4dc4f34e58_s390x", "product": { "name": "openshift4/ose-ansible-operator@sha256:678e89a0851566628a99981a5e395fc2a88936e5f1552a7f205e0c4dc4f34e58_s390x", "product_id": "openshift4/ose-ansible-operator@sha256:678e89a0851566628a99981a5e395fc2a88936e5f1552a7f205e0c4dc4f34e58_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-ansible-operator@sha256:678e89a0851566628a99981a5e395fc2a88936e5f1552a7f205e0c4dc4f34e58?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-ansible-operator\u0026tag=v4.8.0-202201261123.p0.gb35596f.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-cluster-capacity@sha256:91d7fad60dbc99ea4b1393d9f47de64d145dd3302b199edb7922efbc3a223c40_s390x", "product": { "name": "openshift4/ose-cluster-capacity@sha256:91d7fad60dbc99ea4b1393d9f47de64d145dd3302b199edb7922efbc3a223c40_s390x", "product_id": "openshift4/ose-cluster-capacity@sha256:91d7fad60dbc99ea4b1393d9f47de64d145dd3302b199edb7922efbc3a223c40_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-cluster-capacity@sha256:91d7fad60dbc99ea4b1393d9f47de64d145dd3302b199edb7922efbc3a223c40?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-cluster-capacity\u0026tag=v4.8.0-202201261123.p0.g44c178f.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-egress-dns-proxy@sha256:fa2b319dade615c79b26363fa35ff7519b890ceca1a316ba7b4a13ac2dfe3392_s390x", "product": { "name": "openshift4/ose-egress-dns-proxy@sha256:fa2b319dade615c79b26363fa35ff7519b890ceca1a316ba7b4a13ac2dfe3392_s390x", "product_id": "openshift4/ose-egress-dns-proxy@sha256:fa2b319dade615c79b26363fa35ff7519b890ceca1a316ba7b4a13ac2dfe3392_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-egress-dns-proxy@sha256:fa2b319dade615c79b26363fa35ff7519b890ceca1a316ba7b4a13ac2dfe3392?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-egress-dns-proxy\u0026tag=v4.8.0-202201261123.p0.gad38e11.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-egress-router@sha256:c8948bfb7437e445a58323c456979829d738f69d192b308af112793a44ece6be_s390x", "product": { "name": "openshift4/ose-egress-router@sha256:c8948bfb7437e445a58323c456979829d738f69d192b308af112793a44ece6be_s390x", "product_id": "openshift4/ose-egress-router@sha256:c8948bfb7437e445a58323c456979829d738f69d192b308af112793a44ece6be_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-egress-router@sha256:c8948bfb7437e445a58323c456979829d738f69d192b308af112793a44ece6be?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-egress-router\u0026tag=v4.8.0-202201261123.p0.gad38e11.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-helm-operator@sha256:aded3473d75a263d10d7f4f3db50366a00b1c592608c187f35e43dcf33d4cc92_s390x", "product": { "name": "openshift4/ose-helm-operator@sha256:aded3473d75a263d10d7f4f3db50366a00b1c592608c187f35e43dcf33d4cc92_s390x", "product_id": "openshift4/ose-helm-operator@sha256:aded3473d75a263d10d7f4f3db50366a00b1c592608c187f35e43dcf33d4cc92_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-helm-operator@sha256:aded3473d75a263d10d7f4f3db50366a00b1c592608c187f35e43dcf33d4cc92?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-helm-operator\u0026tag=v4.8.0-202201261123.p0.gb35596f.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-operator-sdk-rhel8@sha256:7cb3e37cdab015a525dd1e7e9830c50d290ab64d939755aa733182fde5822282_s390x", "product": { "name": "openshift4/ose-operator-sdk-rhel8@sha256:7cb3e37cdab015a525dd1e7e9830c50d290ab64d939755aa733182fde5822282_s390x", "product_id": "openshift4/ose-operator-sdk-rhel8@sha256:7cb3e37cdab015a525dd1e7e9830c50d290ab64d939755aa733182fde5822282_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-operator-sdk-rhel8@sha256:7cb3e37cdab015a525dd1e7e9830c50d290ab64d939755aa733182fde5822282?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-operator-sdk-rhel8\u0026tag=v4.8.0-202201261123.p0.gb35596f.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-service-idler-rhel8@sha256:7655843623686ef2110b391115053ec888b3bfba3e93f7fa015a4ddf59a2c6e1_s390x", "product": { "name": "openshift4/ose-service-idler-rhel8@sha256:7655843623686ef2110b391115053ec888b3bfba3e93f7fa015a4ddf59a2c6e1_s390x", "product_id": "openshift4/ose-service-idler-rhel8@sha256:7655843623686ef2110b391115053ec888b3bfba3e93f7fa015a4ddf59a2c6e1_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-service-idler-rhel8@sha256:7655843623686ef2110b391115053ec888b3bfba3e93f7fa015a4ddf59a2c6e1?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-service-idler-rhel8\u0026tag=v4.8.0-202201261123.p0.g39cfc66.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:3a1ede2d5f064cdc9c3dcae93122e30fe6acb8962905ea739484840c028767eb_s390x", "product": { "name": "openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:3a1ede2d5f064cdc9c3dcae93122e30fe6acb8962905ea739484840c028767eb_s390x", "product_id": "openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:3a1ede2d5f064cdc9c3dcae93122e30fe6acb8962905ea739484840c028767eb_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-kubernetes-nmstate-handler-rhel8@sha256:3a1ede2d5f064cdc9c3dcae93122e30fe6acb8962905ea739484840c028767eb?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-kubernetes-nmstate-handler-rhel8\u0026tag=v4.8.0-202201261123.p0.g458be7e.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-cluster-kube-descheduler-operator@sha256:4210a5b83b7a6dce2e8b5e9c74b2c2858b4441c7e7046dc1bc47d13bade5b344_s390x", "product": { "name": "openshift4/ose-cluster-kube-descheduler-operator@sha256:4210a5b83b7a6dce2e8b5e9c74b2c2858b4441c7e7046dc1bc47d13bade5b344_s390x", "product_id": "openshift4/ose-cluster-kube-descheduler-operator@sha256:4210a5b83b7a6dce2e8b5e9c74b2c2858b4441c7e7046dc1bc47d13bade5b344_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-cluster-kube-descheduler-operator@sha256:4210a5b83b7a6dce2e8b5e9c74b2c2858b4441c7e7046dc1bc47d13bade5b344?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-cluster-kube-descheduler-operator\u0026tag=v4.8.0-202201261123.p0.g1af4c42.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:4210a5b83b7a6dce2e8b5e9c74b2c2858b4441c7e7046dc1bc47d13bade5b344_s390x", "product": { "name": "openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:4210a5b83b7a6dce2e8b5e9c74b2c2858b4441c7e7046dc1bc47d13bade5b344_s390x", "product_id": "openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:4210a5b83b7a6dce2e8b5e9c74b2c2858b4441c7e7046dc1bc47d13bade5b344_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-cluster-kube-descheduler-rhel8-operator@sha256:4210a5b83b7a6dce2e8b5e9c74b2c2858b4441c7e7046dc1bc47d13bade5b344?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-cluster-kube-descheduler-rhel8-operator\u0026tag=v4.8.0-202201261123.p0.g1af4c42.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-clusterresourceoverride-rhel8@sha256:862a2025b5f3a3e7569fe6fcdb08d008318daf7b7818dbff9bc571d053360ab1_s390x", "product": { "name": "openshift4/ose-clusterresourceoverride-rhel8@sha256:862a2025b5f3a3e7569fe6fcdb08d008318daf7b7818dbff9bc571d053360ab1_s390x", "product_id": "openshift4/ose-clusterresourceoverride-rhel8@sha256:862a2025b5f3a3e7569fe6fcdb08d008318daf7b7818dbff9bc571d053360ab1_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-clusterresourceoverride-rhel8@sha256:862a2025b5f3a3e7569fe6fcdb08d008318daf7b7818dbff9bc571d053360ab1?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-clusterresourceoverride-rhel8\u0026tag=v4.8.0-202201261123.p0.g2a9f548.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:a2b533899da262cc3dcdec64b353b4373c692c65795d092735110ffe14b1f405_s390x", "product": { "name": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:a2b533899da262cc3dcdec64b353b4373c692c65795d092735110ffe14b1f405_s390x", "product_id": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:a2b533899da262cc3dcdec64b353b4373c692c65795d092735110ffe14b1f405_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-clusterresourceoverride-rhel8-operator@sha256:a2b533899da262cc3dcdec64b353b4373c692c65795d092735110ffe14b1f405?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-clusterresourceoverride-rhel8-operator\u0026tag=v4.8.0-202201261123.p0.gfcdcef8.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-egress-http-proxy@sha256:39a831a45748dfd91a1d20f68481fbc82bd3fefa4cb5ff87aab478770582de2f_s390x", "product": { "name": "openshift4/ose-egress-http-proxy@sha256:39a831a45748dfd91a1d20f68481fbc82bd3fefa4cb5ff87aab478770582de2f_s390x", "product_id": "openshift4/ose-egress-http-proxy@sha256:39a831a45748dfd91a1d20f68481fbc82bd3fefa4cb5ff87aab478770582de2f_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-egress-http-proxy@sha256:39a831a45748dfd91a1d20f68481fbc82bd3fefa4cb5ff87aab478770582de2f?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-egress-http-proxy\u0026tag=v4.8.0-202201261123.p0.gad38e11.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/kubernetes-nmstate-rhel8-operator@sha256:401efb6b2a736bc00475df75c05178f2b5a01a917e416b166ba77b084984bbb0_s390x", "product": { "name": "openshift4/kubernetes-nmstate-rhel8-operator@sha256:401efb6b2a736bc00475df75c05178f2b5a01a917e416b166ba77b084984bbb0_s390x", "product_id": "openshift4/kubernetes-nmstate-rhel8-operator@sha256:401efb6b2a736bc00475df75c05178f2b5a01a917e416b166ba77b084984bbb0_s390x", "product_identification_helper": { "purl": "pkg:oci/kubernetes-nmstate-rhel8-operator@sha256:401efb6b2a736bc00475df75c05178f2b5a01a917e416b166ba77b084984bbb0?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/kubernetes-nmstate-rhel8-operator\u0026tag=v4.8.0-202201261123.p0.g458be7e.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-ptp@sha256:50f1a02f7ddd5e78a607a2d87e1a1d87e6d40dbab914c81a4b7c926446ae7c3f_s390x", "product": { "name": "openshift4/ose-ptp@sha256:50f1a02f7ddd5e78a607a2d87e1a1d87e6d40dbab914c81a4b7c926446ae7c3f_s390x", "product_id": "openshift4/ose-ptp@sha256:50f1a02f7ddd5e78a607a2d87e1a1d87e6d40dbab914c81a4b7c926446ae7c3f_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-ptp@sha256:50f1a02f7ddd5e78a607a2d87e1a1d87e6d40dbab914c81a4b7c926446ae7c3f?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-ptp\u0026tag=v4.8.0-202201261123.p0.g2ae5850.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-local-storage-mustgather-rhel8@sha256:7aa0f9ceaa8663081cf19d8a2c689d6356d467ce5ccfb1a6140101f5a47973b6_s390x", "product": { "name": "openshift4/ose-local-storage-mustgather-rhel8@sha256:7aa0f9ceaa8663081cf19d8a2c689d6356d467ce5ccfb1a6140101f5a47973b6_s390x", "product_id": "openshift4/ose-local-storage-mustgather-rhel8@sha256:7aa0f9ceaa8663081cf19d8a2c689d6356d467ce5ccfb1a6140101f5a47973b6_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-local-storage-mustgather-rhel8@sha256:7aa0f9ceaa8663081cf19d8a2c689d6356d467ce5ccfb1a6140101f5a47973b6?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-local-storage-mustgather-rhel8\u0026tag=v4.8.0-202202071729.p0.g7887ed0.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-metering-helm-container-rhel8@sha256:604d7a9033dd87cb30f0e9b35275432e0a6c7637e3cdf54c4710759e4f40ed18_s390x", "product": { "name": "openshift4/ose-metering-helm-container-rhel8@sha256:604d7a9033dd87cb30f0e9b35275432e0a6c7637e3cdf54c4710759e4f40ed18_s390x", "product_id": "openshift4/ose-metering-helm-container-rhel8@sha256:604d7a9033dd87cb30f0e9b35275432e0a6c7637e3cdf54c4710759e4f40ed18_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-metering-helm-container-rhel8@sha256:604d7a9033dd87cb30f0e9b35275432e0a6c7637e3cdf54c4710759e4f40ed18?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-metering-helm-container-rhel8\u0026tag=v4.8.0-202201261123.p0.g8aaede2.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-ptp-operator@sha256:d2e84963c0a4b8c4837c600dcd45a4ec85582dcb277cc5a342772cfaf37a02d6_s390x", "product": { "name": "openshift4/ose-ptp-operator@sha256:d2e84963c0a4b8c4837c600dcd45a4ec85582dcb277cc5a342772cfaf37a02d6_s390x", "product_id": "openshift4/ose-ptp-operator@sha256:d2e84963c0a4b8c4837c600dcd45a4ec85582dcb277cc5a342772cfaf37a02d6_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-ptp-operator@sha256:d2e84963c0a4b8c4837c600dcd45a4ec85582dcb277cc5a342772cfaf37a02d6?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-ptp-operator\u0026tag=v4.8.0-202201261123.p0.gd71faa4.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:818f036319edf0d327b3d7b8c474e62181b645091bd78039f8af6bc9d06ec3c2_s390x", "product": { "name": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:818f036319edf0d327b3d7b8c474e62181b645091bd78039f8af6bc9d06ec3c2_s390x", "product_id": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:818f036319edf0d327b3d7b8c474e62181b645091bd78039f8af6bc9d06ec3c2_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-vertical-pod-autoscaler-rhel8@sha256:818f036319edf0d327b3d7b8c474e62181b645091bd78039f8af6bc9d06ec3c2?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-vertical-pod-autoscaler-rhel8\u0026tag=v4.8.0-202201261123.p0.g7bbde4c.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:c1b1addb2f2a7c84de8e0c50e6015921bc5f8f19c6c3defe090fc643e2a59fc4_s390x", "product": { "name": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:c1b1addb2f2a7c84de8e0c50e6015921bc5f8f19c6c3defe090fc643e2a59fc4_s390x", "product_id": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:c1b1addb2f2a7c84de8e0c50e6015921bc5f8f19c6c3defe090fc643e2a59fc4_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-vertical-pod-autoscaler-rhel8-operator@sha256:c1b1addb2f2a7c84de8e0c50e6015921bc5f8f19c6c3defe090fc643e2a59fc4?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-vertical-pod-autoscaler-rhel8-operator\u0026tag=v4.8.0-202201261123.p0.gef8ad45.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ptp-must-gather-rhel8@sha256:16135e26bab08312237920621dfdda19de439cafa3496336a5bb036ba6aab810_s390x", "product": { "name": "openshift4/ptp-must-gather-rhel8@sha256:16135e26bab08312237920621dfdda19de439cafa3496336a5bb036ba6aab810_s390x", "product_id": "openshift4/ptp-must-gather-rhel8@sha256:16135e26bab08312237920621dfdda19de439cafa3496336a5bb036ba6aab810_s390x", "product_identification_helper": { "purl": "pkg:oci/ptp-must-gather-rhel8@sha256:16135e26bab08312237920621dfdda19de439cafa3496336a5bb036ba6aab810?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ptp-must-gather-rhel8\u0026tag=v4.8.0-202201261123.p0.gd71faa4.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-sriov-cni@sha256:de25d1ab45eec3791e0429c14cd159c2cf0e06f60538eea58a3884ba8ec0c437_s390x", "product": { "name": "openshift4/ose-sriov-cni@sha256:de25d1ab45eec3791e0429c14cd159c2cf0e06f60538eea58a3884ba8ec0c437_s390x", "product_id": "openshift4/ose-sriov-cni@sha256:de25d1ab45eec3791e0429c14cd159c2cf0e06f60538eea58a3884ba8ec0c437_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-sriov-cni@sha256:de25d1ab45eec3791e0429c14cd159c2cf0e06f60538eea58a3884ba8ec0c437?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-cni\u0026tag=v4.8.0-202201261123.p0.gcc1edca.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-sriov-dp-admission-controller@sha256:035ee520fd3303409a8a622fbfdc092495705533e687afd5a507269ff2888672_s390x", "product": { "name": "openshift4/ose-sriov-dp-admission-controller@sha256:035ee520fd3303409a8a622fbfdc092495705533e687afd5a507269ff2888672_s390x", "product_id": "openshift4/ose-sriov-dp-admission-controller@sha256:035ee520fd3303409a8a622fbfdc092495705533e687afd5a507269ff2888672_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-sriov-dp-admission-controller@sha256:035ee520fd3303409a8a622fbfdc092495705533e687afd5a507269ff2888672?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-dp-admission-controller\u0026tag=v4.8.0-202201261123.p0.gd34636e.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-sriov-network-config-daemon@sha256:edee9914747f7b1a871dfbf8e0ada436fd853f9cb8b4f25bd6a3ae8f2d8b0851_s390x", "product": { "name": "openshift4/ose-sriov-network-config-daemon@sha256:edee9914747f7b1a871dfbf8e0ada436fd853f9cb8b4f25bd6a3ae8f2d8b0851_s390x", "product_id": "openshift4/ose-sriov-network-config-daemon@sha256:edee9914747f7b1a871dfbf8e0ada436fd853f9cb8b4f25bd6a3ae8f2d8b0851_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-sriov-network-config-daemon@sha256:edee9914747f7b1a871dfbf8e0ada436fd853f9cb8b4f25bd6a3ae8f2d8b0851?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-network-config-daemon\u0026tag=v4.8.0-202201261123.p0.g6ad9128.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-sriov-network-device-plugin@sha256:d5567efab982e51026761e1cb5a120f2eed54033550cbac5c4b78620b5a775ce_s390x", "product": { "name": "openshift4/ose-sriov-network-device-plugin@sha256:d5567efab982e51026761e1cb5a120f2eed54033550cbac5c4b78620b5a775ce_s390x", "product_id": "openshift4/ose-sriov-network-device-plugin@sha256:d5567efab982e51026761e1cb5a120f2eed54033550cbac5c4b78620b5a775ce_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-sriov-network-device-plugin@sha256:d5567efab982e51026761e1cb5a120f2eed54033550cbac5c4b78620b5a775ce?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-network-device-plugin\u0026tag=v4.8.0-202201261123.p0.g83bc63d.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-sriov-operator-must-gather@sha256:baa3b6da137bc048f57d656f938c71d26e8240f4a5a7d99dab584a1662d19188_s390x", "product": { "name": "openshift4/ose-sriov-operator-must-gather@sha256:baa3b6da137bc048f57d656f938c71d26e8240f4a5a7d99dab584a1662d19188_s390x", "product_id": "openshift4/ose-sriov-operator-must-gather@sha256:baa3b6da137bc048f57d656f938c71d26e8240f4a5a7d99dab584a1662d19188_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-sriov-operator-must-gather@sha256:baa3b6da137bc048f57d656f938c71d26e8240f4a5a7d99dab584a1662d19188?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-operator-must-gather\u0026tag=v4.8.0-202201261123.p0.g6ad9128.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-sriov-network-operator@sha256:34af2eab98fe5ead527de11fd495642f49e955e17064cc8cf1674b13b362efac_s390x", "product": { "name": "openshift4/ose-sriov-network-operator@sha256:34af2eab98fe5ead527de11fd495642f49e955e17064cc8cf1674b13b362efac_s390x", "product_id": "openshift4/ose-sriov-network-operator@sha256:34af2eab98fe5ead527de11fd495642f49e955e17064cc8cf1674b13b362efac_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-sriov-network-operator@sha256:34af2eab98fe5ead527de11fd495642f49e955e17064cc8cf1674b13b362efac?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-network-operator\u0026tag=v4.8.0-202201261123.p0.g6ad9128.assembly.stream" } } }, { "category": "product_version", "name": "openshift4/ose-sriov-network-webhook@sha256:59dead9be2c8e873496653be6570c8aeffb1a9b420ba00200aae3506f1a1798e_s390x", "product": { "name": "openshift4/ose-sriov-network-webhook@sha256:59dead9be2c8e873496653be6570c8aeffb1a9b420ba00200aae3506f1a1798e_s390x", "product_id": "openshift4/ose-sriov-network-webhook@sha256:59dead9be2c8e873496653be6570c8aeffb1a9b420ba00200aae3506f1a1798e_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-sriov-network-webhook@sha256:59dead9be2c8e873496653be6570c8aeffb1a9b420ba00200aae3506f1a1798e?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-network-webhook\u0026tag=v4.8.0-202201261123.p0.g6ad9128.assembly.stream" } } } ], "category": "architecture", "name": "s390x" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openshift4/kubernetes-nmstate-rhel8-operator@sha256:04af6b907f56fe1255345a4d5dd23908e6fe51b63da2d86812f0301f97b8abe8_ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/kubernetes-nmstate-rhel8-operator@sha256:04af6b907f56fe1255345a4d5dd23908e6fe51b63da2d86812f0301f97b8abe8_ppc64le" }, "product_reference": "openshift4/kubernetes-nmstate-rhel8-operator@sha256:04af6b907f56fe1255345a4d5dd23908e6fe51b63da2d86812f0301f97b8abe8_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/kubernetes-nmstate-rhel8-operator@sha256:401efb6b2a736bc00475df75c05178f2b5a01a917e416b166ba77b084984bbb0_s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/kubernetes-nmstate-rhel8-operator@sha256:401efb6b2a736bc00475df75c05178f2b5a01a917e416b166ba77b084984bbb0_s390x" }, "product_reference": "openshift4/kubernetes-nmstate-rhel8-operator@sha256:401efb6b2a736bc00475df75c05178f2b5a01a917e416b166ba77b084984bbb0_s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/kubernetes-nmstate-rhel8-operator@sha256:bf92e1a223de2fe51d8e702f7bcd924e83378b99a249e76f1f8db7167a34e155_amd64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/kubernetes-nmstate-rhel8-operator@sha256:bf92e1a223de2fe51d8e702f7bcd924e83378b99a249e76f1f8db7167a34e155_amd64" }, "product_reference": "openshift4/kubernetes-nmstate-rhel8-operator@sha256:bf92e1a223de2fe51d8e702f7bcd924e83378b99a249e76f1f8db7167a34e155_amd64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ansible-operator@sha256:16268bec56efd542c49bdd5ce8934d7edfe81ee2e11f716bfba09afda1096ccd_ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-ansible-operator@sha256:16268bec56efd542c49bdd5ce8934d7edfe81ee2e11f716bfba09afda1096ccd_ppc64le" }, "product_reference": "openshift4/ose-ansible-operator@sha256:16268bec56efd542c49bdd5ce8934d7edfe81ee2e11f716bfba09afda1096ccd_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ansible-operator@sha256:317b636846f5a4da94b8a44eb87b9d34721da8b819debdcfecb726b8d74537c4_amd64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-ansible-operator@sha256:317b636846f5a4da94b8a44eb87b9d34721da8b819debdcfecb726b8d74537c4_amd64" }, "product_reference": "openshift4/ose-ansible-operator@sha256:317b636846f5a4da94b8a44eb87b9d34721da8b819debdcfecb726b8d74537c4_amd64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ansible-operator@sha256:678e89a0851566628a99981a5e395fc2a88936e5f1552a7f205e0c4dc4f34e58_s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-ansible-operator@sha256:678e89a0851566628a99981a5e395fc2a88936e5f1552a7f205e0c4dc4f34e58_s390x" }, "product_reference": "openshift4/ose-ansible-operator@sha256:678e89a0851566628a99981a5e395fc2a88936e5f1552a7f205e0c4dc4f34e58_s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-capacity@sha256:29eb94fd8e5cf6bd471ed30b0cd1d7f647588c14c93a148f8f332cd21ee94542_ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-cluster-capacity@sha256:29eb94fd8e5cf6bd471ed30b0cd1d7f647588c14c93a148f8f332cd21ee94542_ppc64le" }, "product_reference": "openshift4/ose-cluster-capacity@sha256:29eb94fd8e5cf6bd471ed30b0cd1d7f647588c14c93a148f8f332cd21ee94542_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-capacity@sha256:91d7fad60dbc99ea4b1393d9f47de64d145dd3302b199edb7922efbc3a223c40_s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-cluster-capacity@sha256:91d7fad60dbc99ea4b1393d9f47de64d145dd3302b199edb7922efbc3a223c40_s390x" }, "product_reference": "openshift4/ose-cluster-capacity@sha256:91d7fad60dbc99ea4b1393d9f47de64d145dd3302b199edb7922efbc3a223c40_s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-capacity@sha256:a8b224b9187b51c7b6251488f84bc86ec5e54bad0515c1516d6f535a2ad5a6d7_amd64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-cluster-capacity@sha256:a8b224b9187b51c7b6251488f84bc86ec5e54bad0515c1516d6f535a2ad5a6d7_amd64" }, "product_reference": "openshift4/ose-cluster-capacity@sha256:a8b224b9187b51c7b6251488f84bc86ec5e54bad0515c1516d6f535a2ad5a6d7_amd64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-kube-descheduler-operator@sha256:24380dc5d13f84e5b3d35bcf6e183ab697a8b9f997c4808027dbe396a075e389_amd64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-descheduler-operator@sha256:24380dc5d13f84e5b3d35bcf6e183ab697a8b9f997c4808027dbe396a075e389_amd64" }, "product_reference": "openshift4/ose-cluster-kube-descheduler-operator@sha256:24380dc5d13f84e5b3d35bcf6e183ab697a8b9f997c4808027dbe396a075e389_amd64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-kube-descheduler-operator@sha256:4210a5b83b7a6dce2e8b5e9c74b2c2858b4441c7e7046dc1bc47d13bade5b344_s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-descheduler-operator@sha256:4210a5b83b7a6dce2e8b5e9c74b2c2858b4441c7e7046dc1bc47d13bade5b344_s390x" }, "product_reference": "openshift4/ose-cluster-kube-descheduler-operator@sha256:4210a5b83b7a6dce2e8b5e9c74b2c2858b4441c7e7046dc1bc47d13bade5b344_s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-kube-descheduler-operator@sha256:7de02a3794875b503787352cc1ba1774ca2bc48e717668323b135f2b4d03bab2_ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-descheduler-operator@sha256:7de02a3794875b503787352cc1ba1774ca2bc48e717668323b135f2b4d03bab2_ppc64le" }, "product_reference": "openshift4/ose-cluster-kube-descheduler-operator@sha256:7de02a3794875b503787352cc1ba1774ca2bc48e717668323b135f2b4d03bab2_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:24380dc5d13f84e5b3d35bcf6e183ab697a8b9f997c4808027dbe396a075e389_amd64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:24380dc5d13f84e5b3d35bcf6e183ab697a8b9f997c4808027dbe396a075e389_amd64" }, "product_reference": "openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:24380dc5d13f84e5b3d35bcf6e183ab697a8b9f997c4808027dbe396a075e389_amd64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:4210a5b83b7a6dce2e8b5e9c74b2c2858b4441c7e7046dc1bc47d13bade5b344_s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:4210a5b83b7a6dce2e8b5e9c74b2c2858b4441c7e7046dc1bc47d13bade5b344_s390x" }, "product_reference": "openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:4210a5b83b7a6dce2e8b5e9c74b2c2858b4441c7e7046dc1bc47d13bade5b344_s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:7de02a3794875b503787352cc1ba1774ca2bc48e717668323b135f2b4d03bab2_ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:7de02a3794875b503787352cc1ba1774ca2bc48e717668323b135f2b4d03bab2_ppc64le" }, "product_reference": "openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:7de02a3794875b503787352cc1ba1774ca2bc48e717668323b135f2b4d03bab2_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-nfd-operator@sha256:050f5694076ad7712ea486db9c3a6da60f14a6bcdefb93f09ae5a5d0d2350216_s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-cluster-nfd-operator@sha256:050f5694076ad7712ea486db9c3a6da60f14a6bcdefb93f09ae5a5d0d2350216_s390x" }, "product_reference": "openshift4/ose-cluster-nfd-operator@sha256:050f5694076ad7712ea486db9c3a6da60f14a6bcdefb93f09ae5a5d0d2350216_s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-nfd-operator@sha256:3e804e2a87f3d4466ec45163ec1b8a7f5f8621a8dafba7359639319def652df7_amd64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-cluster-nfd-operator@sha256:3e804e2a87f3d4466ec45163ec1b8a7f5f8621a8dafba7359639319def652df7_amd64" }, "product_reference": "openshift4/ose-cluster-nfd-operator@sha256:3e804e2a87f3d4466ec45163ec1b8a7f5f8621a8dafba7359639319def652df7_amd64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-nfd-operator@sha256:69325720dac7c66e759da3a932d6d11694b446809a2acd705bcd010662f119ac_ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-cluster-nfd-operator@sha256:69325720dac7c66e759da3a932d6d11694b446809a2acd705bcd010662f119ac_ppc64le" }, "product_reference": "openshift4/ose-cluster-nfd-operator@sha256:69325720dac7c66e759da3a932d6d11694b446809a2acd705bcd010662f119ac_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:a2b533899da262cc3dcdec64b353b4373c692c65795d092735110ffe14b1f405_s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:a2b533899da262cc3dcdec64b353b4373c692c65795d092735110ffe14b1f405_s390x" }, "product_reference": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:a2b533899da262cc3dcdec64b353b4373c692c65795d092735110ffe14b1f405_s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:e78a6496a8fe3bf67a1575cab28d8f9829ff2c9506cec53dc28cd08f1382641a_ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:e78a6496a8fe3bf67a1575cab28d8f9829ff2c9506cec53dc28cd08f1382641a_ppc64le" }, "product_reference": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:e78a6496a8fe3bf67a1575cab28d8f9829ff2c9506cec53dc28cd08f1382641a_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:f426e6f2bbd416978f1bc731e061eb908cd34736180e92a6d76cbcc00d494ea0_amd64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:f426e6f2bbd416978f1bc731e061eb908cd34736180e92a6d76cbcc00d494ea0_amd64" }, "product_reference": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:f426e6f2bbd416978f1bc731e061eb908cd34736180e92a6d76cbcc00d494ea0_amd64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-clusterresourceoverride-rhel8@sha256:4361d04e51268ebc0048167a60b69b789b9e4158e819979a2996fc2a79a0183e_ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-clusterresourceoverride-rhel8@sha256:4361d04e51268ebc0048167a60b69b789b9e4158e819979a2996fc2a79a0183e_ppc64le" }, "product_reference": "openshift4/ose-clusterresourceoverride-rhel8@sha256:4361d04e51268ebc0048167a60b69b789b9e4158e819979a2996fc2a79a0183e_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-clusterresourceoverride-rhel8@sha256:7f80896dc1acc9d9af477d753e7fafe3d828e5b35fb123fda05c272c93efaae4_amd64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-clusterresourceoverride-rhel8@sha256:7f80896dc1acc9d9af477d753e7fafe3d828e5b35fb123fda05c272c93efaae4_amd64" }, "product_reference": "openshift4/ose-clusterresourceoverride-rhel8@sha256:7f80896dc1acc9d9af477d753e7fafe3d828e5b35fb123fda05c272c93efaae4_amd64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-clusterresourceoverride-rhel8@sha256:862a2025b5f3a3e7569fe6fcdb08d008318daf7b7818dbff9bc571d053360ab1_s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-clusterresourceoverride-rhel8@sha256:862a2025b5f3a3e7569fe6fcdb08d008318daf7b7818dbff9bc571d053360ab1_s390x" }, "product_reference": "openshift4/ose-clusterresourceoverride-rhel8@sha256:862a2025b5f3a3e7569fe6fcdb08d008318daf7b7818dbff9bc571d053360ab1_s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-descheduler@sha256:4f9de0b544a418c728d7921b031268687b315273256b1b964de87602b552f559_s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-descheduler@sha256:4f9de0b544a418c728d7921b031268687b315273256b1b964de87602b552f559_s390x" }, "product_reference": "openshift4/ose-descheduler@sha256:4f9de0b544a418c728d7921b031268687b315273256b1b964de87602b552f559_s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-descheduler@sha256:b5ad38974bb046acc284d81615f89be45cc88ee94dd202715a84048ff666de39_ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-descheduler@sha256:b5ad38974bb046acc284d81615f89be45cc88ee94dd202715a84048ff666de39_ppc64le" }, "product_reference": "openshift4/ose-descheduler@sha256:b5ad38974bb046acc284d81615f89be45cc88ee94dd202715a84048ff666de39_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-descheduler@sha256:c646e3a5e81cff6f9e5fd0d590acff2a8ae1c0a36cb7bc5210f6285d8dc06817_amd64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-descheduler@sha256:c646e3a5e81cff6f9e5fd0d590acff2a8ae1c0a36cb7bc5210f6285d8dc06817_amd64" }, "product_reference": "openshift4/ose-descheduler@sha256:c646e3a5e81cff6f9e5fd0d590acff2a8ae1c0a36cb7bc5210f6285d8dc06817_amd64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-egress-dns-proxy@sha256:45e93e144f0401c1b18a98864544e8e57439a5aae0937796a52cfbb5b5657620_ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-egress-dns-proxy@sha256:45e93e144f0401c1b18a98864544e8e57439a5aae0937796a52cfbb5b5657620_ppc64le" }, "product_reference": "openshift4/ose-egress-dns-proxy@sha256:45e93e144f0401c1b18a98864544e8e57439a5aae0937796a52cfbb5b5657620_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-egress-dns-proxy@sha256:7e578789946a853c299254cc9092f815c59333551fc7bcdf0cec4ee8bd0975f7_amd64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-egress-dns-proxy@sha256:7e578789946a853c299254cc9092f815c59333551fc7bcdf0cec4ee8bd0975f7_amd64" }, "product_reference": "openshift4/ose-egress-dns-proxy@sha256:7e578789946a853c299254cc9092f815c59333551fc7bcdf0cec4ee8bd0975f7_amd64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-egress-dns-proxy@sha256:fa2b319dade615c79b26363fa35ff7519b890ceca1a316ba7b4a13ac2dfe3392_s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-egress-dns-proxy@sha256:fa2b319dade615c79b26363fa35ff7519b890ceca1a316ba7b4a13ac2dfe3392_s390x" }, "product_reference": "openshift4/ose-egress-dns-proxy@sha256:fa2b319dade615c79b26363fa35ff7519b890ceca1a316ba7b4a13ac2dfe3392_s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-egress-http-proxy@sha256:26f61e722fc9110448b6c851d8c9e0e49c8d31ee6bbc678ea27767fe8351ad5b_amd64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-egress-http-proxy@sha256:26f61e722fc9110448b6c851d8c9e0e49c8d31ee6bbc678ea27767fe8351ad5b_amd64" }, "product_reference": "openshift4/ose-egress-http-proxy@sha256:26f61e722fc9110448b6c851d8c9e0e49c8d31ee6bbc678ea27767fe8351ad5b_amd64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-egress-http-proxy@sha256:39a831a45748dfd91a1d20f68481fbc82bd3fefa4cb5ff87aab478770582de2f_s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-egress-http-proxy@sha256:39a831a45748dfd91a1d20f68481fbc82bd3fefa4cb5ff87aab478770582de2f_s390x" }, "product_reference": "openshift4/ose-egress-http-proxy@sha256:39a831a45748dfd91a1d20f68481fbc82bd3fefa4cb5ff87aab478770582de2f_s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-egress-http-proxy@sha256:cef6c19c4b400e88a5231b626970ca205af002ae004f0e40c2bb5b3281abb44b_ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-egress-http-proxy@sha256:cef6c19c4b400e88a5231b626970ca205af002ae004f0e40c2bb5b3281abb44b_ppc64le" }, "product_reference": "openshift4/ose-egress-http-proxy@sha256:cef6c19c4b400e88a5231b626970ca205af002ae004f0e40c2bb5b3281abb44b_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-egress-router@sha256:4b3083b15eb27c5f3359498c3d76eab277f55264b1d1f50a560176e2cf471bde_ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-egress-router@sha256:4b3083b15eb27c5f3359498c3d76eab277f55264b1d1f50a560176e2cf471bde_ppc64le" }, "product_reference": "openshift4/ose-egress-router@sha256:4b3083b15eb27c5f3359498c3d76eab277f55264b1d1f50a560176e2cf471bde_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-egress-router@sha256:9c5ea6554b499063a4056685d22bc4b8e553bacbacd8f5b6c6c70029b7c691c2_amd64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-egress-router@sha256:9c5ea6554b499063a4056685d22bc4b8e553bacbacd8f5b6c6c70029b7c691c2_amd64" }, "product_reference": "openshift4/ose-egress-router@sha256:9c5ea6554b499063a4056685d22bc4b8e553bacbacd8f5b6c6c70029b7c691c2_amd64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-egress-router@sha256:c8948bfb7437e445a58323c456979829d738f69d192b308af112793a44ece6be_s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-egress-router@sha256:c8948bfb7437e445a58323c456979829d738f69d192b308af112793a44ece6be_s390x" }, "product_reference": "openshift4/ose-egress-router@sha256:c8948bfb7437e445a58323c456979829d738f69d192b308af112793a44ece6be_s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ghostunnel@sha256:d24324d2a5f5db35706160389fd0504529847b610b67c946426dd2d5c580333c_amd64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-ghostunnel@sha256:d24324d2a5f5db35706160389fd0504529847b610b67c946426dd2d5c580333c_amd64" }, "product_reference": "openshift4/ose-ghostunnel@sha256:d24324d2a5f5db35706160389fd0504529847b610b67c946426dd2d5c580333c_amd64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-helm-operator@sha256:2da0cd361bc6553072e88c8360dcf6d892ca6c3d34c98bdfa611105559373e98_ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-helm-operator@sha256:2da0cd361bc6553072e88c8360dcf6d892ca6c3d34c98bdfa611105559373e98_ppc64le" }, "product_reference": "openshift4/ose-helm-operator@sha256:2da0cd361bc6553072e88c8360dcf6d892ca6c3d34c98bdfa611105559373e98_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-helm-operator@sha256:aded3473d75a263d10d7f4f3db50366a00b1c592608c187f35e43dcf33d4cc92_s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-helm-operator@sha256:aded3473d75a263d10d7f4f3db50366a00b1c592608c187f35e43dcf33d4cc92_s390x" }, "product_reference": "openshift4/ose-helm-operator@sha256:aded3473d75a263d10d7f4f3db50366a00b1c592608c187f35e43dcf33d4cc92_s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-helm-operator@sha256:df4243dbedfc6b134f48d8e839c859a55070dd816fcebf64da40f1ff86d1a6e8_amd64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-helm-operator@sha256:df4243dbedfc6b134f48d8e839c859a55070dd816fcebf64da40f1ff86d1a6e8_amd64" }, "product_reference": "openshift4/ose-helm-operator@sha256:df4243dbedfc6b134f48d8e839c859a55070dd816fcebf64da40f1ff86d1a6e8_amd64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:13d228ad69d3d76bd7af3eab87c2122016c29aca7930d83b7b084726ea62b3b6_amd64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:13d228ad69d3d76bd7af3eab87c2122016c29aca7930d83b7b084726ea62b3b6_amd64" }, "product_reference": "openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:13d228ad69d3d76bd7af3eab87c2122016c29aca7930d83b7b084726ea62b3b6_amd64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:3a1ede2d5f064cdc9c3dcae93122e30fe6acb8962905ea739484840c028767eb_s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:3a1ede2d5f064cdc9c3dcae93122e30fe6acb8962905ea739484840c028767eb_s390x" }, "product_reference": "openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:3a1ede2d5f064cdc9c3dcae93122e30fe6acb8962905ea739484840c028767eb_s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:6df1c3e3f99b59c1dcc1ba4bc50aef9638ec28eeb4a358316b6b5c5eb9ce1c1a_ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:6df1c3e3f99b59c1dcc1ba4bc50aef9638ec28eeb4a358316b6b5c5eb9ce1c1a_ppc64le" }, "product_reference": "openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:6df1c3e3f99b59c1dcc1ba4bc50aef9638ec28eeb4a358316b6b5c5eb9ce1c1a_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-local-storage-diskmaker@sha256:4fb057e9824cccd554b9295e8c1b4cfc16ffb3eecc2211fa1e1a312f7a79c949_s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-local-storage-diskmaker@sha256:4fb057e9824cccd554b9295e8c1b4cfc16ffb3eecc2211fa1e1a312f7a79c949_s390x" }, "product_reference": "openshift4/ose-local-storage-diskmaker@sha256:4fb057e9824cccd554b9295e8c1b4cfc16ffb3eecc2211fa1e1a312f7a79c949_s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-local-storage-diskmaker@sha256:5e7b1da76d30b757db38feef9ac254d1e36b04fe8d6ffab13ba147d0cff88974_ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-local-storage-diskmaker@sha256:5e7b1da76d30b757db38feef9ac254d1e36b04fe8d6ffab13ba147d0cff88974_ppc64le" }, "product_reference": "openshift4/ose-local-storage-diskmaker@sha256:5e7b1da76d30b757db38feef9ac254d1e36b04fe8d6ffab13ba147d0cff88974_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-local-storage-diskmaker@sha256:75bc3a0ac9201a825d2aaa1a8af28db620c40e95e25b5e1b6b3e00e507bccdcc_amd64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-local-storage-diskmaker@sha256:75bc3a0ac9201a825d2aaa1a8af28db620c40e95e25b5e1b6b3e00e507bccdcc_amd64" }, "product_reference": "openshift4/ose-local-storage-diskmaker@sha256:75bc3a0ac9201a825d2aaa1a8af28db620c40e95e25b5e1b6b3e00e507bccdcc_amd64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-local-storage-mustgather-rhel8@sha256:06a330662e9a8f5aeae9ae9f85db9f25d8b96821f86437a9198ef626979b9b23_amd64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-local-storage-mustgather-rhel8@sha256:06a330662e9a8f5aeae9ae9f85db9f25d8b96821f86437a9198ef626979b9b23_amd64" }, "product_reference": "openshift4/ose-local-storage-mustgather-rhel8@sha256:06a330662e9a8f5aeae9ae9f85db9f25d8b96821f86437a9198ef626979b9b23_amd64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-local-storage-mustgather-rhel8@sha256:7aa0f9ceaa8663081cf19d8a2c689d6356d467ce5ccfb1a6140101f5a47973b6_s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-local-storage-mustgather-rhel8@sha256:7aa0f9ceaa8663081cf19d8a2c689d6356d467ce5ccfb1a6140101f5a47973b6_s390x" }, "product_reference": "openshift4/ose-local-storage-mustgather-rhel8@sha256:7aa0f9ceaa8663081cf19d8a2c689d6356d467ce5ccfb1a6140101f5a47973b6_s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-local-storage-mustgather-rhel8@sha256:b83bc8b9652ca1d2ff55733ba68f8eaca1542e5318b6860935d12244b240a3f2_ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-local-storage-mustgather-rhel8@sha256:b83bc8b9652ca1d2ff55733ba68f8eaca1542e5318b6860935d12244b240a3f2_ppc64le" }, "product_reference": "openshift4/ose-local-storage-mustgather-rhel8@sha256:b83bc8b9652ca1d2ff55733ba68f8eaca1542e5318b6860935d12244b240a3f2_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-local-storage-operator@sha256:1867e7f843577448af26b84cdfb7489b295c5db3eb0faa1eac334b491bf96848_ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-local-storage-operator@sha256:1867e7f843577448af26b84cdfb7489b295c5db3eb0faa1eac334b491bf96848_ppc64le" }, "product_reference": "openshift4/ose-local-storage-operator@sha256:1867e7f843577448af26b84cdfb7489b295c5db3eb0faa1eac334b491bf96848_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-local-storage-operator@sha256:8bf7c9546ffbab5678776abe5a25460f3ffdc166ffbfb65f4a674bac26e0dfae_amd64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-local-storage-operator@sha256:8bf7c9546ffbab5678776abe5a25460f3ffdc166ffbfb65f4a674bac26e0dfae_amd64" }, "product_reference": "openshift4/ose-local-storage-operator@sha256:8bf7c9546ffbab5678776abe5a25460f3ffdc166ffbfb65f4a674bac26e0dfae_amd64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-local-storage-operator@sha256:b0ca8c3ea4511b5255ef9638f01fefaa6f2e93400a0409360c81d26e8ef8f493_s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-local-storage-operator@sha256:b0ca8c3ea4511b5255ef9638f01fefaa6f2e93400a0409360c81d26e8ef8f493_s390x" }, "product_reference": "openshift4/ose-local-storage-operator@sha256:b0ca8c3ea4511b5255ef9638f01fefaa6f2e93400a0409360c81d26e8ef8f493_s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-local-storage-static-provisioner@sha256:030c266a9d55bd63d837fae36a1550a2607e684e8ccfd78fb229b2a028d8897f_ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-local-storage-static-provisioner@sha256:030c266a9d55bd63d837fae36a1550a2607e684e8ccfd78fb229b2a028d8897f_ppc64le" }, "product_reference": "openshift4/ose-local-storage-static-provisioner@sha256:030c266a9d55bd63d837fae36a1550a2607e684e8ccfd78fb229b2a028d8897f_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-local-storage-static-provisioner@sha256:2365ccb37a8f91f4ce8c0681e304f98f9468ccd3e7e9cb6bfe7e7179cdad9998_s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-local-storage-static-provisioner@sha256:2365ccb37a8f91f4ce8c0681e304f98f9468ccd3e7e9cb6bfe7e7179cdad9998_s390x" }, "product_reference": "openshift4/ose-local-storage-static-provisioner@sha256:2365ccb37a8f91f4ce8c0681e304f98f9468ccd3e7e9cb6bfe7e7179cdad9998_s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-local-storage-static-provisioner@sha256:bcff1893ff84874958f43dd84a22f56f7648dfda34236f4ad87e2a964cf33cd9_amd64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-local-storage-static-provisioner@sha256:bcff1893ff84874958f43dd84a22f56f7648dfda34236f4ad87e2a964cf33cd9_amd64" }, "product_reference": "openshift4/ose-local-storage-static-provisioner@sha256:bcff1893ff84874958f43dd84a22f56f7648dfda34236f4ad87e2a964cf33cd9_amd64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-metering-ansible-operator@sha256:7576005fb1ee5c89807a5c74c17a6beebdde06f39950d421354c8827e38dad37_amd64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-metering-ansible-operator@sha256:7576005fb1ee5c89807a5c74c17a6beebdde06f39950d421354c8827e38dad37_amd64" }, "product_reference": "openshift4/ose-metering-ansible-operator@sha256:7576005fb1ee5c89807a5c74c17a6beebdde06f39950d421354c8827e38dad37_amd64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-metering-hadoop@sha256:3a6ae11db1f9f60674295b5b9feebbc19e1c8318390a00dd1314f56adace118c_amd64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-metering-hadoop@sha256:3a6ae11db1f9f60674295b5b9feebbc19e1c8318390a00dd1314f56adace118c_amd64" }, "product_reference": "openshift4/ose-metering-hadoop@sha256:3a6ae11db1f9f60674295b5b9feebbc19e1c8318390a00dd1314f56adace118c_amd64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-metering-helm-container-rhel8@sha256:604d7a9033dd87cb30f0e9b35275432e0a6c7637e3cdf54c4710759e4f40ed18_s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-metering-helm-container-rhel8@sha256:604d7a9033dd87cb30f0e9b35275432e0a6c7637e3cdf54c4710759e4f40ed18_s390x" }, "product_reference": "openshift4/ose-metering-helm-container-rhel8@sha256:604d7a9033dd87cb30f0e9b35275432e0a6c7637e3cdf54c4710759e4f40ed18_s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-metering-helm-container-rhel8@sha256:687162ae42b470a8fcfa409380f335265fe608bac5d3bc9511046cf4640f5017_ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-metering-helm-container-rhel8@sha256:687162ae42b470a8fcfa409380f335265fe608bac5d3bc9511046cf4640f5017_ppc64le" }, "product_reference": "openshift4/ose-metering-helm-container-rhel8@sha256:687162ae42b470a8fcfa409380f335265fe608bac5d3bc9511046cf4640f5017_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-metering-helm-container-rhel8@sha256:982bc5a04515bf30e88eff06b742ee4b0720d26b2039aef229e89ea52bc4322a_amd64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-metering-helm-container-rhel8@sha256:982bc5a04515bf30e88eff06b742ee4b0720d26b2039aef229e89ea52bc4322a_amd64" }, "product_reference": "openshift4/ose-metering-helm-container-rhel8@sha256:982bc5a04515bf30e88eff06b742ee4b0720d26b2039aef229e89ea52bc4322a_amd64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-metering-hive@sha256:5431d1a3f9f479600db352feee682ce8e31d9b1d62f7c06e7fe0138a1aca7044_amd64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-metering-hive@sha256:5431d1a3f9f479600db352feee682ce8e31d9b1d62f7c06e7fe0138a1aca7044_amd64" }, "product_reference": "openshift4/ose-metering-hive@sha256:5431d1a3f9f479600db352feee682ce8e31d9b1d62f7c06e7fe0138a1aca7044_amd64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-metering-presto@sha256:cd1d23fd5dff2a78fba377fbb3b1c63d922877af09f17e1c1f898eeaa4891c03_amd64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-metering-presto@sha256:cd1d23fd5dff2a78fba377fbb3b1c63d922877af09f17e1c1f898eeaa4891c03_amd64" }, "product_reference": "openshift4/ose-metering-presto@sha256:cd1d23fd5dff2a78fba377fbb3b1c63d922877af09f17e1c1f898eeaa4891c03_amd64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-metering-reporting-operator@sha256:5bcd150f1b2752413a16deb287e08250e357ce220216df626ad5a9086c16ce6e_amd64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-metering-reporting-operator@sha256:5bcd150f1b2752413a16deb287e08250e357ce220216df626ad5a9086c16ce6e_amd64" }, "product_reference": "openshift4/ose-metering-reporting-operator@sha256:5bcd150f1b2752413a16deb287e08250e357ce220216df626ad5a9086c16ce6e_amd64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-node-feature-discovery@sha256:6db511807c1e544de32eb9baba909766c53eac4a721852420c6aabc8de4b8684_ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-node-feature-discovery@sha256:6db511807c1e544de32eb9baba909766c53eac4a721852420c6aabc8de4b8684_ppc64le" }, "product_reference": "openshift4/ose-node-feature-discovery@sha256:6db511807c1e544de32eb9baba909766c53eac4a721852420c6aabc8de4b8684_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-node-feature-discovery@sha256:a2c9410fb28d810e26166c6d07af2885e4ac88ec73d95bf152da6e26e00f8086_s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-node-feature-discovery@sha256:a2c9410fb28d810e26166c6d07af2885e4ac88ec73d95bf152da6e26e00f8086_s390x" }, "product_reference": "openshift4/ose-node-feature-discovery@sha256:a2c9410fb28d810e26166c6d07af2885e4ac88ec73d95bf152da6e26e00f8086_s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-node-feature-discovery@sha256:d66763784469579e744a627d49d9e125f0d6c69ac3542336fd28c73180af98bb_amd64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-node-feature-discovery@sha256:d66763784469579e744a627d49d9e125f0d6c69ac3542336fd28c73180af98bb_amd64" }, "product_reference": "openshift4/ose-node-feature-discovery@sha256:d66763784469579e744a627d49d9e125f0d6c69ac3542336fd28c73180af98bb_amd64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-node-problem-detector-rhel8@sha256:05c5fff8726da0dbd9270314bf227eda559969e5abcbabd25078fa7e4f1e99eb_ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-node-problem-detector-rhel8@sha256:05c5fff8726da0dbd9270314bf227eda559969e5abcbabd25078fa7e4f1e99eb_ppc64le" }, "product_reference": "openshift4/ose-node-problem-detector-rhel8@sha256:05c5fff8726da0dbd9270314bf227eda559969e5abcbabd25078fa7e4f1e99eb_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-node-problem-detector-rhel8@sha256:3fddde918aae7343b55fb4bdd8273d8a928030d95465cb4c699d92958761a7a1_amd64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-node-problem-detector-rhel8@sha256:3fddde918aae7343b55fb4bdd8273d8a928030d95465cb4c699d92958761a7a1_amd64" }, "product_reference": "openshift4/ose-node-problem-detector-rhel8@sha256:3fddde918aae7343b55fb4bdd8273d8a928030d95465cb4c699d92958761a7a1_amd64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-node-problem-detector-rhel8@sha256:5244cc96a46219c5ba7c1c52fd52c5c8a70d6534567caa47f01ed7fbc9a8e4e8_s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-node-problem-detector-rhel8@sha256:5244cc96a46219c5ba7c1c52fd52c5c8a70d6534567caa47f01ed7fbc9a8e4e8_s390x" }, "product_reference": "openshift4/ose-node-problem-detector-rhel8@sha256:5244cc96a46219c5ba7c1c52fd52c5c8a70d6534567caa47f01ed7fbc9a8e4e8_s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-operator-sdk-rhel8@sha256:16080cfd97370db5530d0e58f87bfc2c9c784c2536ce3adc6a159f7ab9575ac9_ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-operator-sdk-rhel8@sha256:16080cfd97370db5530d0e58f87bfc2c9c784c2536ce3adc6a159f7ab9575ac9_ppc64le" }, "product_reference": "openshift4/ose-operator-sdk-rhel8@sha256:16080cfd97370db5530d0e58f87bfc2c9c784c2536ce3adc6a159f7ab9575ac9_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-operator-sdk-rhel8@sha256:7cb3e37cdab015a525dd1e7e9830c50d290ab64d939755aa733182fde5822282_s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-operator-sdk-rhel8@sha256:7cb3e37cdab015a525dd1e7e9830c50d290ab64d939755aa733182fde5822282_s390x" }, "product_reference": "openshift4/ose-operator-sdk-rhel8@sha256:7cb3e37cdab015a525dd1e7e9830c50d290ab64d939755aa733182fde5822282_s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-operator-sdk-rhel8@sha256:7f191475c9dd43d6b40efd4b565bf677af22b1b654e0f5d8829b4831abc715d5_amd64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-operator-sdk-rhel8@sha256:7f191475c9dd43d6b40efd4b565bf677af22b1b654e0f5d8829b4831abc715d5_amd64" }, "product_reference": "openshift4/ose-operator-sdk-rhel8@sha256:7f191475c9dd43d6b40efd4b565bf677af22b1b654e0f5d8829b4831abc715d5_amd64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ptp-operator@sha256:4217ce881595e87ceab2fa0cf973b0fc991e0ebf73f6d5b267aaaecc3a03ad88_ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-ptp-operator@sha256:4217ce881595e87ceab2fa0cf973b0fc991e0ebf73f6d5b267aaaecc3a03ad88_ppc64le" }, "product_reference": "openshift4/ose-ptp-operator@sha256:4217ce881595e87ceab2fa0cf973b0fc991e0ebf73f6d5b267aaaecc3a03ad88_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ptp-operator@sha256:bb73adc511485987f4b20db03ef164ea82c28bf1fb3cf5c50ecaa3b8bd5e268f_amd64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-ptp-operator@sha256:bb73adc511485987f4b20db03ef164ea82c28bf1fb3cf5c50ecaa3b8bd5e268f_amd64" }, "product_reference": "openshift4/ose-ptp-operator@sha256:bb73adc511485987f4b20db03ef164ea82c28bf1fb3cf5c50ecaa3b8bd5e268f_amd64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ptp-operator@sha256:d2e84963c0a4b8c4837c600dcd45a4ec85582dcb277cc5a342772cfaf37a02d6_s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-ptp-operator@sha256:d2e84963c0a4b8c4837c600dcd45a4ec85582dcb277cc5a342772cfaf37a02d6_s390x" }, "product_reference": "openshift4/ose-ptp-operator@sha256:d2e84963c0a4b8c4837c600dcd45a4ec85582dcb277cc5a342772cfaf37a02d6_s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ptp@sha256:3265800679156b9f4efebfe7f3d887ff804fa5eff6a33fcf4fdec96510a7d0a4_amd64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-ptp@sha256:3265800679156b9f4efebfe7f3d887ff804fa5eff6a33fcf4fdec96510a7d0a4_amd64" }, "product_reference": "openshift4/ose-ptp@sha256:3265800679156b9f4efebfe7f3d887ff804fa5eff6a33fcf4fdec96510a7d0a4_amd64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ptp@sha256:50f1a02f7ddd5e78a607a2d87e1a1d87e6d40dbab914c81a4b7c926446ae7c3f_s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-ptp@sha256:50f1a02f7ddd5e78a607a2d87e1a1d87e6d40dbab914c81a4b7c926446ae7c3f_s390x" }, "product_reference": "openshift4/ose-ptp@sha256:50f1a02f7ddd5e78a607a2d87e1a1d87e6d40dbab914c81a4b7c926446ae7c3f_s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ptp@sha256:b72f280d30c133785e64681fbc8c9464c1d495815d066947a8904b6a1eac7554_ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-ptp@sha256:b72f280d30c133785e64681fbc8c9464c1d495815d066947a8904b6a1eac7554_ppc64le" }, "product_reference": "openshift4/ose-ptp@sha256:b72f280d30c133785e64681fbc8c9464c1d495815d066947a8904b6a1eac7554_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-service-idler-rhel8@sha256:748ff477aab34a52314b3a25c8bc7af0b79938e33c5b0b03d63c2be288884556_ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-service-idler-rhel8@sha256:748ff477aab34a52314b3a25c8bc7af0b79938e33c5b0b03d63c2be288884556_ppc64le" }, "product_reference": "openshift4/ose-service-idler-rhel8@sha256:748ff477aab34a52314b3a25c8bc7af0b79938e33c5b0b03d63c2be288884556_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-service-idler-rhel8@sha256:7655843623686ef2110b391115053ec888b3bfba3e93f7fa015a4ddf59a2c6e1_s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-service-idler-rhel8@sha256:7655843623686ef2110b391115053ec888b3bfba3e93f7fa015a4ddf59a2c6e1_s390x" }, "product_reference": "openshift4/ose-service-idler-rhel8@sha256:7655843623686ef2110b391115053ec888b3bfba3e93f7fa015a4ddf59a2c6e1_s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-service-idler-rhel8@sha256:dbc79719030b91a0879a1646a677fe7858f8e6552c496cfd5025430e6672d3c3_amd64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-service-idler-rhel8@sha256:dbc79719030b91a0879a1646a677fe7858f8e6552c496cfd5025430e6672d3c3_amd64" }, "product_reference": "openshift4/ose-service-idler-rhel8@sha256:dbc79719030b91a0879a1646a677fe7858f8e6552c496cfd5025430e6672d3c3_amd64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-cni@sha256:128e08b126309830bece2d61b1095318a44fdb6437a1264a98922b92a9b56339_amd64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-sriov-cni@sha256:128e08b126309830bece2d61b1095318a44fdb6437a1264a98922b92a9b56339_amd64" }, "product_reference": "openshift4/ose-sriov-cni@sha256:128e08b126309830bece2d61b1095318a44fdb6437a1264a98922b92a9b56339_amd64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-cni@sha256:4ead46ef89a7fc3c96a27426f1594f9403abe2d149f1a06f4e8c23a1435793a0_ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-sriov-cni@sha256:4ead46ef89a7fc3c96a27426f1594f9403abe2d149f1a06f4e8c23a1435793a0_ppc64le" }, "product_reference": "openshift4/ose-sriov-cni@sha256:4ead46ef89a7fc3c96a27426f1594f9403abe2d149f1a06f4e8c23a1435793a0_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-cni@sha256:de25d1ab45eec3791e0429c14cd159c2cf0e06f60538eea58a3884ba8ec0c437_s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-sriov-cni@sha256:de25d1ab45eec3791e0429c14cd159c2cf0e06f60538eea58a3884ba8ec0c437_s390x" }, "product_reference": "openshift4/ose-sriov-cni@sha256:de25d1ab45eec3791e0429c14cd159c2cf0e06f60538eea58a3884ba8ec0c437_s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-dp-admission-controller@sha256:035ee520fd3303409a8a622fbfdc092495705533e687afd5a507269ff2888672_s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-sriov-dp-admission-controller@sha256:035ee520fd3303409a8a622fbfdc092495705533e687afd5a507269ff2888672_s390x" }, "product_reference": "openshift4/ose-sriov-dp-admission-controller@sha256:035ee520fd3303409a8a622fbfdc092495705533e687afd5a507269ff2888672_s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-dp-admission-controller@sha256:3740692124ba1131c412665eb689db7d1fc90bc96df32905efa4c81295834a1d_amd64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-sriov-dp-admission-controller@sha256:3740692124ba1131c412665eb689db7d1fc90bc96df32905efa4c81295834a1d_amd64" }, "product_reference": "openshift4/ose-sriov-dp-admission-controller@sha256:3740692124ba1131c412665eb689db7d1fc90bc96df32905efa4c81295834a1d_amd64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-dp-admission-controller@sha256:92fdeb3673145a77ff34decadc8a406cd05ce83afbbc848821717d2bc127f4db_ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-sriov-dp-admission-controller@sha256:92fdeb3673145a77ff34decadc8a406cd05ce83afbbc848821717d2bc127f4db_ppc64le" }, "product_reference": "openshift4/ose-sriov-dp-admission-controller@sha256:92fdeb3673145a77ff34decadc8a406cd05ce83afbbc848821717d2bc127f4db_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-infiniband-cni@sha256:4419994e773ba864245ad4763cecd5383e1782cf81f53977580ed5c70581a2a1_s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-sriov-infiniband-cni@sha256:4419994e773ba864245ad4763cecd5383e1782cf81f53977580ed5c70581a2a1_s390x" }, "product_reference": "openshift4/ose-sriov-infiniband-cni@sha256:4419994e773ba864245ad4763cecd5383e1782cf81f53977580ed5c70581a2a1_s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-infiniband-cni@sha256:d3a01146298d996f4d5cc8114cb31c38fc332bbaa6056dbbc0c06580033df02f_ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-sriov-infiniband-cni@sha256:d3a01146298d996f4d5cc8114cb31c38fc332bbaa6056dbbc0c06580033df02f_ppc64le" }, "product_reference": "openshift4/ose-sriov-infiniband-cni@sha256:d3a01146298d996f4d5cc8114cb31c38fc332bbaa6056dbbc0c06580033df02f_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-infiniband-cni@sha256:e316ddfe57eb0f75f1d05f6b449f7f2746b345155729e037012d9081bcdfe11a_amd64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-sriov-infiniband-cni@sha256:e316ddfe57eb0f75f1d05f6b449f7f2746b345155729e037012d9081bcdfe11a_amd64" }, "product_reference": "openshift4/ose-sriov-infiniband-cni@sha256:e316ddfe57eb0f75f1d05f6b449f7f2746b345155729e037012d9081bcdfe11a_amd64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-network-config-daemon@sha256:5d684abc03e26dd161328261d5c4c05f18afb91b92bb2e9e3934f371f7ae5e9c_ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-sriov-network-config-daemon@sha256:5d684abc03e26dd161328261d5c4c05f18afb91b92bb2e9e3934f371f7ae5e9c_ppc64le" }, "product_reference": "openshift4/ose-sriov-network-config-daemon@sha256:5d684abc03e26dd161328261d5c4c05f18afb91b92bb2e9e3934f371f7ae5e9c_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-network-config-daemon@sha256:e2210baeb0be9422275445e978f4f2ca2813476f0fdc39b239b9edb4add588a0_amd64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-sriov-network-config-daemon@sha256:e2210baeb0be9422275445e978f4f2ca2813476f0fdc39b239b9edb4add588a0_amd64" }, "product_reference": "openshift4/ose-sriov-network-config-daemon@sha256:e2210baeb0be9422275445e978f4f2ca2813476f0fdc39b239b9edb4add588a0_amd64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-network-config-daemon@sha256:edee9914747f7b1a871dfbf8e0ada436fd853f9cb8b4f25bd6a3ae8f2d8b0851_s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-sriov-network-config-daemon@sha256:edee9914747f7b1a871dfbf8e0ada436fd853f9cb8b4f25bd6a3ae8f2d8b0851_s390x" }, "product_reference": "openshift4/ose-sriov-network-config-daemon@sha256:edee9914747f7b1a871dfbf8e0ada436fd853f9cb8b4f25bd6a3ae8f2d8b0851_s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-network-device-plugin@sha256:7165575c0b49cf25bdafbb7390199d2a957322147fadfdce1401afc10dfcb37d_amd64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-sriov-network-device-plugin@sha256:7165575c0b49cf25bdafbb7390199d2a957322147fadfdce1401afc10dfcb37d_amd64" }, "product_reference": "openshift4/ose-sriov-network-device-plugin@sha256:7165575c0b49cf25bdafbb7390199d2a957322147fadfdce1401afc10dfcb37d_amd64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-network-device-plugin@sha256:d5567efab982e51026761e1cb5a120f2eed54033550cbac5c4b78620b5a775ce_s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-sriov-network-device-plugin@sha256:d5567efab982e51026761e1cb5a120f2eed54033550cbac5c4b78620b5a775ce_s390x" }, "product_reference": "openshift4/ose-sriov-network-device-plugin@sha256:d5567efab982e51026761e1cb5a120f2eed54033550cbac5c4b78620b5a775ce_s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-network-device-plugin@sha256:f54ddc9b51cc0878cb4771c8b55bee97ed02b003395f19ef9500c91cceccf134_ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-sriov-network-device-plugin@sha256:f54ddc9b51cc0878cb4771c8b55bee97ed02b003395f19ef9500c91cceccf134_ppc64le" }, "product_reference": "openshift4/ose-sriov-network-device-plugin@sha256:f54ddc9b51cc0878cb4771c8b55bee97ed02b003395f19ef9500c91cceccf134_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-network-operator@sha256:34af2eab98fe5ead527de11fd495642f49e955e17064cc8cf1674b13b362efac_s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-sriov-network-operator@sha256:34af2eab98fe5ead527de11fd495642f49e955e17064cc8cf1674b13b362efac_s390x" }, "product_reference": "openshift4/ose-sriov-network-operator@sha256:34af2eab98fe5ead527de11fd495642f49e955e17064cc8cf1674b13b362efac_s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-network-operator@sha256:53bd17fd25accba8ed846c3906bfc140851c43cab9e599103a6df559d89b8323_amd64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-sriov-network-operator@sha256:53bd17fd25accba8ed846c3906bfc140851c43cab9e599103a6df559d89b8323_amd64" }, "product_reference": "openshift4/ose-sriov-network-operator@sha256:53bd17fd25accba8ed846c3906bfc140851c43cab9e599103a6df559d89b8323_amd64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-network-operator@sha256:66ad156d2d59b0d47cedc94b9118e6e1107325ab5ba44375613f892d64d09956_ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-sriov-network-operator@sha256:66ad156d2d59b0d47cedc94b9118e6e1107325ab5ba44375613f892d64d09956_ppc64le" }, "product_reference": "openshift4/ose-sriov-network-operator@sha256:66ad156d2d59b0d47cedc94b9118e6e1107325ab5ba44375613f892d64d09956_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-network-webhook@sha256:3e648c0a96ae8024e5443782eb2afe8e3a2c716ee9dd20263fe3cad2d4c293dd_ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-sriov-network-webhook@sha256:3e648c0a96ae8024e5443782eb2afe8e3a2c716ee9dd20263fe3cad2d4c293dd_ppc64le" }, "product_reference": "openshift4/ose-sriov-network-webhook@sha256:3e648c0a96ae8024e5443782eb2afe8e3a2c716ee9dd20263fe3cad2d4c293dd_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-network-webhook@sha256:59dead9be2c8e873496653be6570c8aeffb1a9b420ba00200aae3506f1a1798e_s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-sriov-network-webhook@sha256:59dead9be2c8e873496653be6570c8aeffb1a9b420ba00200aae3506f1a1798e_s390x" }, "product_reference": "openshift4/ose-sriov-network-webhook@sha256:59dead9be2c8e873496653be6570c8aeffb1a9b420ba00200aae3506f1a1798e_s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-network-webhook@sha256:e86bcdbfd6ac7e6cfb846d5a639a32f87f5500230044a8c299c28cfce1850f54_amd64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-sriov-network-webhook@sha256:e86bcdbfd6ac7e6cfb846d5a639a32f87f5500230044a8c299c28cfce1850f54_amd64" }, "product_reference": "openshift4/ose-sriov-network-webhook@sha256:e86bcdbfd6ac7e6cfb846d5a639a32f87f5500230044a8c299c28cfce1850f54_amd64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-operator-must-gather@sha256:92b3d9d0f17b66c8856e795745282d0cc856cd2c8bf66dfa3beb9b0675fa5e1d_ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-sriov-operator-must-gather@sha256:92b3d9d0f17b66c8856e795745282d0cc856cd2c8bf66dfa3beb9b0675fa5e1d_ppc64le" }, "product_reference": "openshift4/ose-sriov-operator-must-gather@sha256:92b3d9d0f17b66c8856e795745282d0cc856cd2c8bf66dfa3beb9b0675fa5e1d_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-operator-must-gather@sha256:baa3b6da137bc048f57d656f938c71d26e8240f4a5a7d99dab584a1662d19188_s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-sriov-operator-must-gather@sha256:baa3b6da137bc048f57d656f938c71d26e8240f4a5a7d99dab584a1662d19188_s390x" }, "product_reference": "openshift4/ose-sriov-operator-must-gather@sha256:baa3b6da137bc048f57d656f938c71d26e8240f4a5a7d99dab584a1662d19188_s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-operator-must-gather@sha256:e8dc9605891487bf743f20225f2bff4add607946d9b97da24f06bc0a3a5c4b6d_amd64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-sriov-operator-must-gather@sha256:e8dc9605891487bf743f20225f2bff4add607946d9b97da24f06bc0a3a5c4b6d_amd64" }, "product_reference": "openshift4/ose-sriov-operator-must-gather@sha256:e8dc9605891487bf743f20225f2bff4add607946d9b97da24f06bc0a3a5c4b6d_amd64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:8894179aee32aea7d875499179bfc1783a1d81e052ee47499cb3b34ae7d4d18b_amd64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:8894179aee32aea7d875499179bfc1783a1d81e052ee47499cb3b34ae7d4d18b_amd64" }, "product_reference": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:8894179aee32aea7d875499179bfc1783a1d81e052ee47499cb3b34ae7d4d18b_amd64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:9e1d1bf31fa04b05b46e04cb564361ae8387fa06da5ec019a475a11ef7ff9358_ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:9e1d1bf31fa04b05b46e04cb564361ae8387fa06da5ec019a475a11ef7ff9358_ppc64le" }, "product_reference": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:9e1d1bf31fa04b05b46e04cb564361ae8387fa06da5ec019a475a11ef7ff9358_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:c1b1addb2f2a7c84de8e0c50e6015921bc5f8f19c6c3defe090fc643e2a59fc4_s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:c1b1addb2f2a7c84de8e0c50e6015921bc5f8f19c6c3defe090fc643e2a59fc4_s390x" }, "product_reference": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:c1b1addb2f2a7c84de8e0c50e6015921bc5f8f19c6c3defe090fc643e2a59fc4_s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:5ff00e93833c3d916988979303e7bc0fe21b1da50ecbfbbf4d0545ef45b535ab_amd64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:5ff00e93833c3d916988979303e7bc0fe21b1da50ecbfbbf4d0545ef45b535ab_amd64" }, "product_reference": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:5ff00e93833c3d916988979303e7bc0fe21b1da50ecbfbbf4d0545ef45b535ab_amd64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:818f036319edf0d327b3d7b8c474e62181b645091bd78039f8af6bc9d06ec3c2_s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:818f036319edf0d327b3d7b8c474e62181b645091bd78039f8af6bc9d06ec3c2_s390x" }, "product_reference": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:818f036319edf0d327b3d7b8c474e62181b645091bd78039f8af6bc9d06ec3c2_s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:a2ec2c2c86e2dbc1471758f25942d74489bf011bcc905d4e27edb38f57835ac3_ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:a2ec2c2c86e2dbc1471758f25942d74489bf011bcc905d4e27edb38f57835ac3_ppc64le" }, "product_reference": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:a2ec2c2c86e2dbc1471758f25942d74489bf011bcc905d4e27edb38f57835ac3_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ptp-must-gather-rhel8@sha256:16135e26bab08312237920621dfdda19de439cafa3496336a5bb036ba6aab810_s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ptp-must-gather-rhel8@sha256:16135e26bab08312237920621dfdda19de439cafa3496336a5bb036ba6aab810_s390x" }, "product_reference": "openshift4/ptp-must-gather-rhel8@sha256:16135e26bab08312237920621dfdda19de439cafa3496336a5bb036ba6aab810_s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ptp-must-gather-rhel8@sha256:7e7c5e847bec122955563c7c2ed9de3d798155ea77ad13c528fdc173b817e811_amd64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ptp-must-gather-rhel8@sha256:7e7c5e847bec122955563c7c2ed9de3d798155ea77ad13c528fdc173b817e811_amd64" }, "product_reference": "openshift4/ptp-must-gather-rhel8@sha256:7e7c5e847bec122955563c7c2ed9de3d798155ea77ad13c528fdc173b817e811_amd64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ptp-must-gather-rhel8@sha256:94572c353a049edb1ebc935a73a15e78ef399b9f15f3bb9b8bf376f1b37dff87_ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift4/ptp-must-gather-rhel8@sha256:94572c353a049edb1ebc935a73a15e78ef399b9f15f3bb9b8bf376f1b37dff87_ppc64le" }, "product_reference": "openshift4/ptp-must-gather-rhel8@sha256:94572c353a049edb1ebc935a73a15e78ef399b9f15f3bb9b8bf376f1b37dff87_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-44832", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-12-28T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOSE-4.8:openshift4/kubernetes-nmstate-rhel8-operator@sha256:04af6b907f56fe1255345a4d5dd23908e6fe51b63da2d86812f0301f97b8abe8_ppc64le", "8Base-RHOSE-4.8:openshift4/kubernetes-nmstate-rhel8-operator@sha256:401efb6b2a736bc00475df75c05178f2b5a01a917e416b166ba77b084984bbb0_s390x", "8Base-RHOSE-4.8:openshift4/kubernetes-nmstate-rhel8-operator@sha256:bf92e1a223de2fe51d8e702f7bcd924e83378b99a249e76f1f8db7167a34e155_amd64", "8Base-RHOSE-4.8:openshift4/ose-ansible-operator@sha256:16268bec56efd542c49bdd5ce8934d7edfe81ee2e11f716bfba09afda1096ccd_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-ansible-operator@sha256:317b636846f5a4da94b8a44eb87b9d34721da8b819debdcfecb726b8d74537c4_amd64", "8Base-RHOSE-4.8:openshift4/ose-ansible-operator@sha256:678e89a0851566628a99981a5e395fc2a88936e5f1552a7f205e0c4dc4f34e58_s390x", "8Base-RHOSE-4.8:openshift4/ose-cluster-capacity@sha256:29eb94fd8e5cf6bd471ed30b0cd1d7f647588c14c93a148f8f332cd21ee94542_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-cluster-capacity@sha256:91d7fad60dbc99ea4b1393d9f47de64d145dd3302b199edb7922efbc3a223c40_s390x", "8Base-RHOSE-4.8:openshift4/ose-cluster-capacity@sha256:a8b224b9187b51c7b6251488f84bc86ec5e54bad0515c1516d6f535a2ad5a6d7_amd64", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-descheduler-operator@sha256:24380dc5d13f84e5b3d35bcf6e183ab697a8b9f997c4808027dbe396a075e389_amd64", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-descheduler-operator@sha256:4210a5b83b7a6dce2e8b5e9c74b2c2858b4441c7e7046dc1bc47d13bade5b344_s390x", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-descheduler-operator@sha256:7de02a3794875b503787352cc1ba1774ca2bc48e717668323b135f2b4d03bab2_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:24380dc5d13f84e5b3d35bcf6e183ab697a8b9f997c4808027dbe396a075e389_amd64", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:4210a5b83b7a6dce2e8b5e9c74b2c2858b4441c7e7046dc1bc47d13bade5b344_s390x", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:7de02a3794875b503787352cc1ba1774ca2bc48e717668323b135f2b4d03bab2_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-cluster-nfd-operator@sha256:050f5694076ad7712ea486db9c3a6da60f14a6bcdefb93f09ae5a5d0d2350216_s390x", "8Base-RHOSE-4.8:openshift4/ose-cluster-nfd-operator@sha256:3e804e2a87f3d4466ec45163ec1b8a7f5f8621a8dafba7359639319def652df7_amd64", "8Base-RHOSE-4.8:openshift4/ose-cluster-nfd-operator@sha256:69325720dac7c66e759da3a932d6d11694b446809a2acd705bcd010662f119ac_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:a2b533899da262cc3dcdec64b353b4373c692c65795d092735110ffe14b1f405_s390x", "8Base-RHOSE-4.8:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:e78a6496a8fe3bf67a1575cab28d8f9829ff2c9506cec53dc28cd08f1382641a_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:f426e6f2bbd416978f1bc731e061eb908cd34736180e92a6d76cbcc00d494ea0_amd64", "8Base-RHOSE-4.8:openshift4/ose-clusterresourceoverride-rhel8@sha256:4361d04e51268ebc0048167a60b69b789b9e4158e819979a2996fc2a79a0183e_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-clusterresourceoverride-rhel8@sha256:7f80896dc1acc9d9af477d753e7fafe3d828e5b35fb123fda05c272c93efaae4_amd64", "8Base-RHOSE-4.8:openshift4/ose-clusterresourceoverride-rhel8@sha256:862a2025b5f3a3e7569fe6fcdb08d008318daf7b7818dbff9bc571d053360ab1_s390x", "8Base-RHOSE-4.8:openshift4/ose-descheduler@sha256:4f9de0b544a418c728d7921b031268687b315273256b1b964de87602b552f559_s390x", "8Base-RHOSE-4.8:openshift4/ose-descheduler@sha256:b5ad38974bb046acc284d81615f89be45cc88ee94dd202715a84048ff666de39_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-descheduler@sha256:c646e3a5e81cff6f9e5fd0d590acff2a8ae1c0a36cb7bc5210f6285d8dc06817_amd64", "8Base-RHOSE-4.8:openshift4/ose-egress-dns-proxy@sha256:45e93e144f0401c1b18a98864544e8e57439a5aae0937796a52cfbb5b5657620_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-egress-dns-proxy@sha256:7e578789946a853c299254cc9092f815c59333551fc7bcdf0cec4ee8bd0975f7_amd64", "8Base-RHOSE-4.8:openshift4/ose-egress-dns-proxy@sha256:fa2b319dade615c79b26363fa35ff7519b890ceca1a316ba7b4a13ac2dfe3392_s390x", "8Base-RHOSE-4.8:openshift4/ose-egress-http-proxy@sha256:26f61e722fc9110448b6c851d8c9e0e49c8d31ee6bbc678ea27767fe8351ad5b_amd64", "8Base-RHOSE-4.8:openshift4/ose-egress-http-proxy@sha256:39a831a45748dfd91a1d20f68481fbc82bd3fefa4cb5ff87aab478770582de2f_s390x", "8Base-RHOSE-4.8:openshift4/ose-egress-http-proxy@sha256:cef6c19c4b400e88a5231b626970ca205af002ae004f0e40c2bb5b3281abb44b_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-egress-router@sha256:4b3083b15eb27c5f3359498c3d76eab277f55264b1d1f50a560176e2cf471bde_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-egress-router@sha256:9c5ea6554b499063a4056685d22bc4b8e553bacbacd8f5b6c6c70029b7c691c2_amd64", "8Base-RHOSE-4.8:openshift4/ose-egress-router@sha256:c8948bfb7437e445a58323c456979829d738f69d192b308af112793a44ece6be_s390x", "8Base-RHOSE-4.8:openshift4/ose-ghostunnel@sha256:d24324d2a5f5db35706160389fd0504529847b610b67c946426dd2d5c580333c_amd64", "8Base-RHOSE-4.8:openshift4/ose-helm-operator@sha256:2da0cd361bc6553072e88c8360dcf6d892ca6c3d34c98bdfa611105559373e98_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-helm-operator@sha256:aded3473d75a263d10d7f4f3db50366a00b1c592608c187f35e43dcf33d4cc92_s390x", "8Base-RHOSE-4.8:openshift4/ose-helm-operator@sha256:df4243dbedfc6b134f48d8e839c859a55070dd816fcebf64da40f1ff86d1a6e8_amd64", "8Base-RHOSE-4.8:openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:13d228ad69d3d76bd7af3eab87c2122016c29aca7930d83b7b084726ea62b3b6_amd64", "8Base-RHOSE-4.8:openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:3a1ede2d5f064cdc9c3dcae93122e30fe6acb8962905ea739484840c028767eb_s390x", "8Base-RHOSE-4.8:openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:6df1c3e3f99b59c1dcc1ba4bc50aef9638ec28eeb4a358316b6b5c5eb9ce1c1a_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-local-storage-diskmaker@sha256:4fb057e9824cccd554b9295e8c1b4cfc16ffb3eecc2211fa1e1a312f7a79c949_s390x", "8Base-RHOSE-4.8:openshift4/ose-local-storage-diskmaker@sha256:5e7b1da76d30b757db38feef9ac254d1e36b04fe8d6ffab13ba147d0cff88974_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-local-storage-diskmaker@sha256:75bc3a0ac9201a825d2aaa1a8af28db620c40e95e25b5e1b6b3e00e507bccdcc_amd64", "8Base-RHOSE-4.8:openshift4/ose-local-storage-mustgather-rhel8@sha256:06a330662e9a8f5aeae9ae9f85db9f25d8b96821f86437a9198ef626979b9b23_amd64", "8Base-RHOSE-4.8:openshift4/ose-local-storage-mustgather-rhel8@sha256:7aa0f9ceaa8663081cf19d8a2c689d6356d467ce5ccfb1a6140101f5a47973b6_s390x", "8Base-RHOSE-4.8:openshift4/ose-local-storage-mustgather-rhel8@sha256:b83bc8b9652ca1d2ff55733ba68f8eaca1542e5318b6860935d12244b240a3f2_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-local-storage-operator@sha256:1867e7f843577448af26b84cdfb7489b295c5db3eb0faa1eac334b491bf96848_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-local-storage-operator@sha256:8bf7c9546ffbab5678776abe5a25460f3ffdc166ffbfb65f4a674bac26e0dfae_amd64", "8Base-RHOSE-4.8:openshift4/ose-local-storage-operator@sha256:b0ca8c3ea4511b5255ef9638f01fefaa6f2e93400a0409360c81d26e8ef8f493_s390x", "8Base-RHOSE-4.8:openshift4/ose-local-storage-static-provisioner@sha256:030c266a9d55bd63d837fae36a1550a2607e684e8ccfd78fb229b2a028d8897f_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-local-storage-static-provisioner@sha256:2365ccb37a8f91f4ce8c0681e304f98f9468ccd3e7e9cb6bfe7e7179cdad9998_s390x", "8Base-RHOSE-4.8:openshift4/ose-local-storage-static-provisioner@sha256:bcff1893ff84874958f43dd84a22f56f7648dfda34236f4ad87e2a964cf33cd9_amd64", "8Base-RHOSE-4.8:openshift4/ose-metering-ansible-operator@sha256:7576005fb1ee5c89807a5c74c17a6beebdde06f39950d421354c8827e38dad37_amd64", "8Base-RHOSE-4.8:openshift4/ose-metering-hadoop@sha256:3a6ae11db1f9f60674295b5b9feebbc19e1c8318390a00dd1314f56adace118c_amd64", "8Base-RHOSE-4.8:openshift4/ose-metering-helm-container-rhel8@sha256:604d7a9033dd87cb30f0e9b35275432e0a6c7637e3cdf54c4710759e4f40ed18_s390x", "8Base-RHOSE-4.8:openshift4/ose-metering-helm-container-rhel8@sha256:687162ae42b470a8fcfa409380f335265fe608bac5d3bc9511046cf4640f5017_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-metering-helm-container-rhel8@sha256:982bc5a04515bf30e88eff06b742ee4b0720d26b2039aef229e89ea52bc4322a_amd64", "8Base-RHOSE-4.8:openshift4/ose-metering-reporting-operator@sha256:5bcd150f1b2752413a16deb287e08250e357ce220216df626ad5a9086c16ce6e_amd64", "8Base-RHOSE-4.8:openshift4/ose-node-feature-discovery@sha256:6db511807c1e544de32eb9baba909766c53eac4a721852420c6aabc8de4b8684_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-node-feature-discovery@sha256:a2c9410fb28d810e26166c6d07af2885e4ac88ec73d95bf152da6e26e00f8086_s390x", "8Base-RHOSE-4.8:openshift4/ose-node-feature-discovery@sha256:d66763784469579e744a627d49d9e125f0d6c69ac3542336fd28c73180af98bb_amd64", "8Base-RHOSE-4.8:openshift4/ose-node-problem-detector-rhel8@sha256:05c5fff8726da0dbd9270314bf227eda559969e5abcbabd25078fa7e4f1e99eb_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-node-problem-detector-rhel8@sha256:3fddde918aae7343b55fb4bdd8273d8a928030d95465cb4c699d92958761a7a1_amd64", "8Base-RHOSE-4.8:openshift4/ose-node-problem-detector-rhel8@sha256:5244cc96a46219c5ba7c1c52fd52c5c8a70d6534567caa47f01ed7fbc9a8e4e8_s390x", "8Base-RHOSE-4.8:openshift4/ose-operator-sdk-rhel8@sha256:16080cfd97370db5530d0e58f87bfc2c9c784c2536ce3adc6a159f7ab9575ac9_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-operator-sdk-rhel8@sha256:7cb3e37cdab015a525dd1e7e9830c50d290ab64d939755aa733182fde5822282_s390x", "8Base-RHOSE-4.8:openshift4/ose-operator-sdk-rhel8@sha256:7f191475c9dd43d6b40efd4b565bf677af22b1b654e0f5d8829b4831abc715d5_amd64", "8Base-RHOSE-4.8:openshift4/ose-ptp-operator@sha256:4217ce881595e87ceab2fa0cf973b0fc991e0ebf73f6d5b267aaaecc3a03ad88_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-ptp-operator@sha256:bb73adc511485987f4b20db03ef164ea82c28bf1fb3cf5c50ecaa3b8bd5e268f_amd64", "8Base-RHOSE-4.8:openshift4/ose-ptp-operator@sha256:d2e84963c0a4b8c4837c600dcd45a4ec85582dcb277cc5a342772cfaf37a02d6_s390x", "8Base-RHOSE-4.8:openshift4/ose-ptp@sha256:3265800679156b9f4efebfe7f3d887ff804fa5eff6a33fcf4fdec96510a7d0a4_amd64", "8Base-RHOSE-4.8:openshift4/ose-ptp@sha256:50f1a02f7ddd5e78a607a2d87e1a1d87e6d40dbab914c81a4b7c926446ae7c3f_s390x", "8Base-RHOSE-4.8:openshift4/ose-ptp@sha256:b72f280d30c133785e64681fbc8c9464c1d495815d066947a8904b6a1eac7554_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-service-idler-rhel8@sha256:748ff477aab34a52314b3a25c8bc7af0b79938e33c5b0b03d63c2be288884556_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-service-idler-rhel8@sha256:7655843623686ef2110b391115053ec888b3bfba3e93f7fa015a4ddf59a2c6e1_s390x", "8Base-RHOSE-4.8:openshift4/ose-service-idler-rhel8@sha256:dbc79719030b91a0879a1646a677fe7858f8e6552c496cfd5025430e6672d3c3_amd64", "8Base-RHOSE-4.8:openshift4/ose-sriov-cni@sha256:128e08b126309830bece2d61b1095318a44fdb6437a1264a98922b92a9b56339_amd64", "8Base-RHOSE-4.8:openshift4/ose-sriov-cni@sha256:4ead46ef89a7fc3c96a27426f1594f9403abe2d149f1a06f4e8c23a1435793a0_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-sriov-cni@sha256:de25d1ab45eec3791e0429c14cd159c2cf0e06f60538eea58a3884ba8ec0c437_s390x", "8Base-RHOSE-4.8:openshift4/ose-sriov-dp-admission-controller@sha256:035ee520fd3303409a8a622fbfdc092495705533e687afd5a507269ff2888672_s390x", "8Base-RHOSE-4.8:openshift4/ose-sriov-dp-admission-controller@sha256:3740692124ba1131c412665eb689db7d1fc90bc96df32905efa4c81295834a1d_amd64", "8Base-RHOSE-4.8:openshift4/ose-sriov-dp-admission-controller@sha256:92fdeb3673145a77ff34decadc8a406cd05ce83afbbc848821717d2bc127f4db_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-sriov-infiniband-cni@sha256:4419994e773ba864245ad4763cecd5383e1782cf81f53977580ed5c70581a2a1_s390x", "8Base-RHOSE-4.8:openshift4/ose-sriov-infiniband-cni@sha256:d3a01146298d996f4d5cc8114cb31c38fc332bbaa6056dbbc0c06580033df02f_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-sriov-infiniband-cni@sha256:e316ddfe57eb0f75f1d05f6b449f7f2746b345155729e037012d9081bcdfe11a_amd64", "8Base-RHOSE-4.8:openshift4/ose-sriov-network-config-daemon@sha256:5d684abc03e26dd161328261d5c4c05f18afb91b92bb2e9e3934f371f7ae5e9c_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-sriov-network-config-daemon@sha256:e2210baeb0be9422275445e978f4f2ca2813476f0fdc39b239b9edb4add588a0_amd64", "8Base-RHOSE-4.8:openshift4/ose-sriov-network-config-daemon@sha256:edee9914747f7b1a871dfbf8e0ada436fd853f9cb8b4f25bd6a3ae8f2d8b0851_s390x", "8Base-RHOSE-4.8:openshift4/ose-sriov-network-device-plugin@sha256:7165575c0b49cf25bdafbb7390199d2a957322147fadfdce1401afc10dfcb37d_amd64", "8Base-RHOSE-4.8:openshift4/ose-sriov-network-device-plugin@sha256:d5567efab982e51026761e1cb5a120f2eed54033550cbac5c4b78620b5a775ce_s390x", "8Base-RHOSE-4.8:openshift4/ose-sriov-network-device-plugin@sha256:f54ddc9b51cc0878cb4771c8b55bee97ed02b003395f19ef9500c91cceccf134_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-sriov-network-operator@sha256:34af2eab98fe5ead527de11fd495642f49e955e17064cc8cf1674b13b362efac_s390x", "8Base-RHOSE-4.8:openshift4/ose-sriov-network-operator@sha256:53bd17fd25accba8ed846c3906bfc140851c43cab9e599103a6df559d89b8323_amd64", "8Base-RHOSE-4.8:openshift4/ose-sriov-network-operator@sha256:66ad156d2d59b0d47cedc94b9118e6e1107325ab5ba44375613f892d64d09956_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-sriov-network-webhook@sha256:3e648c0a96ae8024e5443782eb2afe8e3a2c716ee9dd20263fe3cad2d4c293dd_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-sriov-network-webhook@sha256:59dead9be2c8e873496653be6570c8aeffb1a9b420ba00200aae3506f1a1798e_s390x", "8Base-RHOSE-4.8:openshift4/ose-sriov-network-webhook@sha256:e86bcdbfd6ac7e6cfb846d5a639a32f87f5500230044a8c299c28cfce1850f54_amd64", "8Base-RHOSE-4.8:openshift4/ose-sriov-operator-must-gather@sha256:92b3d9d0f17b66c8856e795745282d0cc856cd2c8bf66dfa3beb9b0675fa5e1d_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-sriov-operator-must-gather@sha256:baa3b6da137bc048f57d656f938c71d26e8240f4a5a7d99dab584a1662d19188_s390x", "8Base-RHOSE-4.8:openshift4/ose-sriov-operator-must-gather@sha256:e8dc9605891487bf743f20225f2bff4add607946d9b97da24f06bc0a3a5c4b6d_amd64", "8Base-RHOSE-4.8:openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:8894179aee32aea7d875499179bfc1783a1d81e052ee47499cb3b34ae7d4d18b_amd64", "8Base-RHOSE-4.8:openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:9e1d1bf31fa04b05b46e04cb564361ae8387fa06da5ec019a475a11ef7ff9358_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:c1b1addb2f2a7c84de8e0c50e6015921bc5f8f19c6c3defe090fc643e2a59fc4_s390x", "8Base-RHOSE-4.8:openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:5ff00e93833c3d916988979303e7bc0fe21b1da50ecbfbbf4d0545ef45b535ab_amd64", "8Base-RHOSE-4.8:openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:818f036319edf0d327b3d7b8c474e62181b645091bd78039f8af6bc9d06ec3c2_s390x", "8Base-RHOSE-4.8:openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:a2ec2c2c86e2dbc1471758f25942d74489bf011bcc905d4e27edb38f57835ac3_ppc64le", "8Base-RHOSE-4.8:openshift4/ptp-must-gather-rhel8@sha256:16135e26bab08312237920621dfdda19de439cafa3496336a5bb036ba6aab810_s390x", "8Base-RHOSE-4.8:openshift4/ptp-must-gather-rhel8@sha256:7e7c5e847bec122955563c7c2ed9de3d798155ea77ad13c528fdc173b817e811_amd64", "8Base-RHOSE-4.8:openshift4/ptp-must-gather-rhel8@sha256:94572c353a049edb1ebc935a73a15e78ef399b9f15f3bb9b8bf376f1b37dff87_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2035951" } ], "notes": [ { "category": "description", "text": "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j-core: remote code execution via JDBC Appender", "title": "Vulnerability summary" }, { "category": "other", "text": "Log4j 1.x is not impacted by this vulnerability. Therefore versions of log4j shipped with Red Hat Enterprise Linux are NOT affected by this flaw.\n\nFor Elasticsearch, as shipped in OpenShift Container Platform and OpenShift Logging, access to the log4j2.properties configuration is limited only to the cluster administrators and exploitation requires cluster logging changes, what reduced the impact of this vulnerability significantly [0].\n\n[0] https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476#update-jan-6-5", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.8:openshift4/ose-metering-hive@sha256:5431d1a3f9f479600db352feee682ce8e31d9b1d62f7c06e7fe0138a1aca7044_amd64", "8Base-RHOSE-4.8:openshift4/ose-metering-presto@sha256:cd1d23fd5dff2a78fba377fbb3b1c63d922877af09f17e1c1f898eeaa4891c03_amd64" ], "known_not_affected": [ "8Base-RHOSE-4.8:openshift4/kubernetes-nmstate-rhel8-operator@sha256:04af6b907f56fe1255345a4d5dd23908e6fe51b63da2d86812f0301f97b8abe8_ppc64le", "8Base-RHOSE-4.8:openshift4/kubernetes-nmstate-rhel8-operator@sha256:401efb6b2a736bc00475df75c05178f2b5a01a917e416b166ba77b084984bbb0_s390x", "8Base-RHOSE-4.8:openshift4/kubernetes-nmstate-rhel8-operator@sha256:bf92e1a223de2fe51d8e702f7bcd924e83378b99a249e76f1f8db7167a34e155_amd64", "8Base-RHOSE-4.8:openshift4/ose-ansible-operator@sha256:16268bec56efd542c49bdd5ce8934d7edfe81ee2e11f716bfba09afda1096ccd_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-ansible-operator@sha256:317b636846f5a4da94b8a44eb87b9d34721da8b819debdcfecb726b8d74537c4_amd64", "8Base-RHOSE-4.8:openshift4/ose-ansible-operator@sha256:678e89a0851566628a99981a5e395fc2a88936e5f1552a7f205e0c4dc4f34e58_s390x", "8Base-RHOSE-4.8:openshift4/ose-cluster-capacity@sha256:29eb94fd8e5cf6bd471ed30b0cd1d7f647588c14c93a148f8f332cd21ee94542_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-cluster-capacity@sha256:91d7fad60dbc99ea4b1393d9f47de64d145dd3302b199edb7922efbc3a223c40_s390x", "8Base-RHOSE-4.8:openshift4/ose-cluster-capacity@sha256:a8b224b9187b51c7b6251488f84bc86ec5e54bad0515c1516d6f535a2ad5a6d7_amd64", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-descheduler-operator@sha256:24380dc5d13f84e5b3d35bcf6e183ab697a8b9f997c4808027dbe396a075e389_amd64", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-descheduler-operator@sha256:4210a5b83b7a6dce2e8b5e9c74b2c2858b4441c7e7046dc1bc47d13bade5b344_s390x", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-descheduler-operator@sha256:7de02a3794875b503787352cc1ba1774ca2bc48e717668323b135f2b4d03bab2_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:24380dc5d13f84e5b3d35bcf6e183ab697a8b9f997c4808027dbe396a075e389_amd64", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:4210a5b83b7a6dce2e8b5e9c74b2c2858b4441c7e7046dc1bc47d13bade5b344_s390x", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:7de02a3794875b503787352cc1ba1774ca2bc48e717668323b135f2b4d03bab2_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-cluster-nfd-operator@sha256:050f5694076ad7712ea486db9c3a6da60f14a6bcdefb93f09ae5a5d0d2350216_s390x", "8Base-RHOSE-4.8:openshift4/ose-cluster-nfd-operator@sha256:3e804e2a87f3d4466ec45163ec1b8a7f5f8621a8dafba7359639319def652df7_amd64", "8Base-RHOSE-4.8:openshift4/ose-cluster-nfd-operator@sha256:69325720dac7c66e759da3a932d6d11694b446809a2acd705bcd010662f119ac_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:a2b533899da262cc3dcdec64b353b4373c692c65795d092735110ffe14b1f405_s390x", "8Base-RHOSE-4.8:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:e78a6496a8fe3bf67a1575cab28d8f9829ff2c9506cec53dc28cd08f1382641a_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:f426e6f2bbd416978f1bc731e061eb908cd34736180e92a6d76cbcc00d494ea0_amd64", "8Base-RHOSE-4.8:openshift4/ose-clusterresourceoverride-rhel8@sha256:4361d04e51268ebc0048167a60b69b789b9e4158e819979a2996fc2a79a0183e_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-clusterresourceoverride-rhel8@sha256:7f80896dc1acc9d9af477d753e7fafe3d828e5b35fb123fda05c272c93efaae4_amd64", "8Base-RHOSE-4.8:openshift4/ose-clusterresourceoverride-rhel8@sha256:862a2025b5f3a3e7569fe6fcdb08d008318daf7b7818dbff9bc571d053360ab1_s390x", "8Base-RHOSE-4.8:openshift4/ose-descheduler@sha256:4f9de0b544a418c728d7921b031268687b315273256b1b964de87602b552f559_s390x", "8Base-RHOSE-4.8:openshift4/ose-descheduler@sha256:b5ad38974bb046acc284d81615f89be45cc88ee94dd202715a84048ff666de39_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-descheduler@sha256:c646e3a5e81cff6f9e5fd0d590acff2a8ae1c0a36cb7bc5210f6285d8dc06817_amd64", "8Base-RHOSE-4.8:openshift4/ose-egress-dns-proxy@sha256:45e93e144f0401c1b18a98864544e8e57439a5aae0937796a52cfbb5b5657620_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-egress-dns-proxy@sha256:7e578789946a853c299254cc9092f815c59333551fc7bcdf0cec4ee8bd0975f7_amd64", "8Base-RHOSE-4.8:openshift4/ose-egress-dns-proxy@sha256:fa2b319dade615c79b26363fa35ff7519b890ceca1a316ba7b4a13ac2dfe3392_s390x", "8Base-RHOSE-4.8:openshift4/ose-egress-http-proxy@sha256:26f61e722fc9110448b6c851d8c9e0e49c8d31ee6bbc678ea27767fe8351ad5b_amd64", "8Base-RHOSE-4.8:openshift4/ose-egress-http-proxy@sha256:39a831a45748dfd91a1d20f68481fbc82bd3fefa4cb5ff87aab478770582de2f_s390x", "8Base-RHOSE-4.8:openshift4/ose-egress-http-proxy@sha256:cef6c19c4b400e88a5231b626970ca205af002ae004f0e40c2bb5b3281abb44b_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-egress-router@sha256:4b3083b15eb27c5f3359498c3d76eab277f55264b1d1f50a560176e2cf471bde_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-egress-router@sha256:9c5ea6554b499063a4056685d22bc4b8e553bacbacd8f5b6c6c70029b7c691c2_amd64", "8Base-RHOSE-4.8:openshift4/ose-egress-router@sha256:c8948bfb7437e445a58323c456979829d738f69d192b308af112793a44ece6be_s390x", "8Base-RHOSE-4.8:openshift4/ose-ghostunnel@sha256:d24324d2a5f5db35706160389fd0504529847b610b67c946426dd2d5c580333c_amd64", "8Base-RHOSE-4.8:openshift4/ose-helm-operator@sha256:2da0cd361bc6553072e88c8360dcf6d892ca6c3d34c98bdfa611105559373e98_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-helm-operator@sha256:aded3473d75a263d10d7f4f3db50366a00b1c592608c187f35e43dcf33d4cc92_s390x", "8Base-RHOSE-4.8:openshift4/ose-helm-operator@sha256:df4243dbedfc6b134f48d8e839c859a55070dd816fcebf64da40f1ff86d1a6e8_amd64", "8Base-RHOSE-4.8:openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:13d228ad69d3d76bd7af3eab87c2122016c29aca7930d83b7b084726ea62b3b6_amd64", "8Base-RHOSE-4.8:openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:3a1ede2d5f064cdc9c3dcae93122e30fe6acb8962905ea739484840c028767eb_s390x", "8Base-RHOSE-4.8:openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:6df1c3e3f99b59c1dcc1ba4bc50aef9638ec28eeb4a358316b6b5c5eb9ce1c1a_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-local-storage-diskmaker@sha256:4fb057e9824cccd554b9295e8c1b4cfc16ffb3eecc2211fa1e1a312f7a79c949_s390x", "8Base-RHOSE-4.8:openshift4/ose-local-storage-diskmaker@sha256:5e7b1da76d30b757db38feef9ac254d1e36b04fe8d6ffab13ba147d0cff88974_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-local-storage-diskmaker@sha256:75bc3a0ac9201a825d2aaa1a8af28db620c40e95e25b5e1b6b3e00e507bccdcc_amd64", "8Base-RHOSE-4.8:openshift4/ose-local-storage-mustgather-rhel8@sha256:06a330662e9a8f5aeae9ae9f85db9f25d8b96821f86437a9198ef626979b9b23_amd64", "8Base-RHOSE-4.8:openshift4/ose-local-storage-mustgather-rhel8@sha256:7aa0f9ceaa8663081cf19d8a2c689d6356d467ce5ccfb1a6140101f5a47973b6_s390x", "8Base-RHOSE-4.8:openshift4/ose-local-storage-mustgather-rhel8@sha256:b83bc8b9652ca1d2ff55733ba68f8eaca1542e5318b6860935d12244b240a3f2_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-local-storage-operator@sha256:1867e7f843577448af26b84cdfb7489b295c5db3eb0faa1eac334b491bf96848_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-local-storage-operator@sha256:8bf7c9546ffbab5678776abe5a25460f3ffdc166ffbfb65f4a674bac26e0dfae_amd64", "8Base-RHOSE-4.8:openshift4/ose-local-storage-operator@sha256:b0ca8c3ea4511b5255ef9638f01fefaa6f2e93400a0409360c81d26e8ef8f493_s390x", "8Base-RHOSE-4.8:openshift4/ose-local-storage-static-provisioner@sha256:030c266a9d55bd63d837fae36a1550a2607e684e8ccfd78fb229b2a028d8897f_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-local-storage-static-provisioner@sha256:2365ccb37a8f91f4ce8c0681e304f98f9468ccd3e7e9cb6bfe7e7179cdad9998_s390x", "8Base-RHOSE-4.8:openshift4/ose-local-storage-static-provisioner@sha256:bcff1893ff84874958f43dd84a22f56f7648dfda34236f4ad87e2a964cf33cd9_amd64", "8Base-RHOSE-4.8:openshift4/ose-metering-ansible-operator@sha256:7576005fb1ee5c89807a5c74c17a6beebdde06f39950d421354c8827e38dad37_amd64", "8Base-RHOSE-4.8:openshift4/ose-metering-hadoop@sha256:3a6ae11db1f9f60674295b5b9feebbc19e1c8318390a00dd1314f56adace118c_amd64", "8Base-RHOSE-4.8:openshift4/ose-metering-helm-container-rhel8@sha256:604d7a9033dd87cb30f0e9b35275432e0a6c7637e3cdf54c4710759e4f40ed18_s390x", "8Base-RHOSE-4.8:openshift4/ose-metering-helm-container-rhel8@sha256:687162ae42b470a8fcfa409380f335265fe608bac5d3bc9511046cf4640f5017_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-metering-helm-container-rhel8@sha256:982bc5a04515bf30e88eff06b742ee4b0720d26b2039aef229e89ea52bc4322a_amd64", "8Base-RHOSE-4.8:openshift4/ose-metering-reporting-operator@sha256:5bcd150f1b2752413a16deb287e08250e357ce220216df626ad5a9086c16ce6e_amd64", "8Base-RHOSE-4.8:openshift4/ose-node-feature-discovery@sha256:6db511807c1e544de32eb9baba909766c53eac4a721852420c6aabc8de4b8684_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-node-feature-discovery@sha256:a2c9410fb28d810e26166c6d07af2885e4ac88ec73d95bf152da6e26e00f8086_s390x", "8Base-RHOSE-4.8:openshift4/ose-node-feature-discovery@sha256:d66763784469579e744a627d49d9e125f0d6c69ac3542336fd28c73180af98bb_amd64", "8Base-RHOSE-4.8:openshift4/ose-node-problem-detector-rhel8@sha256:05c5fff8726da0dbd9270314bf227eda559969e5abcbabd25078fa7e4f1e99eb_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-node-problem-detector-rhel8@sha256:3fddde918aae7343b55fb4bdd8273d8a928030d95465cb4c699d92958761a7a1_amd64", "8Base-RHOSE-4.8:openshift4/ose-node-problem-detector-rhel8@sha256:5244cc96a46219c5ba7c1c52fd52c5c8a70d6534567caa47f01ed7fbc9a8e4e8_s390x", "8Base-RHOSE-4.8:openshift4/ose-operator-sdk-rhel8@sha256:16080cfd97370db5530d0e58f87bfc2c9c784c2536ce3adc6a159f7ab9575ac9_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-operator-sdk-rhel8@sha256:7cb3e37cdab015a525dd1e7e9830c50d290ab64d939755aa733182fde5822282_s390x", "8Base-RHOSE-4.8:openshift4/ose-operator-sdk-rhel8@sha256:7f191475c9dd43d6b40efd4b565bf677af22b1b654e0f5d8829b4831abc715d5_amd64", "8Base-RHOSE-4.8:openshift4/ose-ptp-operator@sha256:4217ce881595e87ceab2fa0cf973b0fc991e0ebf73f6d5b267aaaecc3a03ad88_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-ptp-operator@sha256:bb73adc511485987f4b20db03ef164ea82c28bf1fb3cf5c50ecaa3b8bd5e268f_amd64", "8Base-RHOSE-4.8:openshift4/ose-ptp-operator@sha256:d2e84963c0a4b8c4837c600dcd45a4ec85582dcb277cc5a342772cfaf37a02d6_s390x", "8Base-RHOSE-4.8:openshift4/ose-ptp@sha256:3265800679156b9f4efebfe7f3d887ff804fa5eff6a33fcf4fdec96510a7d0a4_amd64", "8Base-RHOSE-4.8:openshift4/ose-ptp@sha256:50f1a02f7ddd5e78a607a2d87e1a1d87e6d40dbab914c81a4b7c926446ae7c3f_s390x", "8Base-RHOSE-4.8:openshift4/ose-ptp@sha256:b72f280d30c133785e64681fbc8c9464c1d495815d066947a8904b6a1eac7554_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-service-idler-rhel8@sha256:748ff477aab34a52314b3a25c8bc7af0b79938e33c5b0b03d63c2be288884556_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-service-idler-rhel8@sha256:7655843623686ef2110b391115053ec888b3bfba3e93f7fa015a4ddf59a2c6e1_s390x", "8Base-RHOSE-4.8:openshift4/ose-service-idler-rhel8@sha256:dbc79719030b91a0879a1646a677fe7858f8e6552c496cfd5025430e6672d3c3_amd64", "8Base-RHOSE-4.8:openshift4/ose-sriov-cni@sha256:128e08b126309830bece2d61b1095318a44fdb6437a1264a98922b92a9b56339_amd64", "8Base-RHOSE-4.8:openshift4/ose-sriov-cni@sha256:4ead46ef89a7fc3c96a27426f1594f9403abe2d149f1a06f4e8c23a1435793a0_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-sriov-cni@sha256:de25d1ab45eec3791e0429c14cd159c2cf0e06f60538eea58a3884ba8ec0c437_s390x", "8Base-RHOSE-4.8:openshift4/ose-sriov-dp-admission-controller@sha256:035ee520fd3303409a8a622fbfdc092495705533e687afd5a507269ff2888672_s390x", "8Base-RHOSE-4.8:openshift4/ose-sriov-dp-admission-controller@sha256:3740692124ba1131c412665eb689db7d1fc90bc96df32905efa4c81295834a1d_amd64", "8Base-RHOSE-4.8:openshift4/ose-sriov-dp-admission-controller@sha256:92fdeb3673145a77ff34decadc8a406cd05ce83afbbc848821717d2bc127f4db_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-sriov-infiniband-cni@sha256:4419994e773ba864245ad4763cecd5383e1782cf81f53977580ed5c70581a2a1_s390x", "8Base-RHOSE-4.8:openshift4/ose-sriov-infiniband-cni@sha256:d3a01146298d996f4d5cc8114cb31c38fc332bbaa6056dbbc0c06580033df02f_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-sriov-infiniband-cni@sha256:e316ddfe57eb0f75f1d05f6b449f7f2746b345155729e037012d9081bcdfe11a_amd64", "8Base-RHOSE-4.8:openshift4/ose-sriov-network-config-daemon@sha256:5d684abc03e26dd161328261d5c4c05f18afb91b92bb2e9e3934f371f7ae5e9c_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-sriov-network-config-daemon@sha256:e2210baeb0be9422275445e978f4f2ca2813476f0fdc39b239b9edb4add588a0_amd64", "8Base-RHOSE-4.8:openshift4/ose-sriov-network-config-daemon@sha256:edee9914747f7b1a871dfbf8e0ada436fd853f9cb8b4f25bd6a3ae8f2d8b0851_s390x", "8Base-RHOSE-4.8:openshift4/ose-sriov-network-device-plugin@sha256:7165575c0b49cf25bdafbb7390199d2a957322147fadfdce1401afc10dfcb37d_amd64", "8Base-RHOSE-4.8:openshift4/ose-sriov-network-device-plugin@sha256:d5567efab982e51026761e1cb5a120f2eed54033550cbac5c4b78620b5a775ce_s390x", "8Base-RHOSE-4.8:openshift4/ose-sriov-network-device-plugin@sha256:f54ddc9b51cc0878cb4771c8b55bee97ed02b003395f19ef9500c91cceccf134_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-sriov-network-operator@sha256:34af2eab98fe5ead527de11fd495642f49e955e17064cc8cf1674b13b362efac_s390x", "8Base-RHOSE-4.8:openshift4/ose-sriov-network-operator@sha256:53bd17fd25accba8ed846c3906bfc140851c43cab9e599103a6df559d89b8323_amd64", "8Base-RHOSE-4.8:openshift4/ose-sriov-network-operator@sha256:66ad156d2d59b0d47cedc94b9118e6e1107325ab5ba44375613f892d64d09956_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-sriov-network-webhook@sha256:3e648c0a96ae8024e5443782eb2afe8e3a2c716ee9dd20263fe3cad2d4c293dd_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-sriov-network-webhook@sha256:59dead9be2c8e873496653be6570c8aeffb1a9b420ba00200aae3506f1a1798e_s390x", "8Base-RHOSE-4.8:openshift4/ose-sriov-network-webhook@sha256:e86bcdbfd6ac7e6cfb846d5a639a32f87f5500230044a8c299c28cfce1850f54_amd64", "8Base-RHOSE-4.8:openshift4/ose-sriov-operator-must-gather@sha256:92b3d9d0f17b66c8856e795745282d0cc856cd2c8bf66dfa3beb9b0675fa5e1d_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-sriov-operator-must-gather@sha256:baa3b6da137bc048f57d656f938c71d26e8240f4a5a7d99dab584a1662d19188_s390x", "8Base-RHOSE-4.8:openshift4/ose-sriov-operator-must-gather@sha256:e8dc9605891487bf743f20225f2bff4add607946d9b97da24f06bc0a3a5c4b6d_amd64", "8Base-RHOSE-4.8:openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:8894179aee32aea7d875499179bfc1783a1d81e052ee47499cb3b34ae7d4d18b_amd64", "8Base-RHOSE-4.8:openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:9e1d1bf31fa04b05b46e04cb564361ae8387fa06da5ec019a475a11ef7ff9358_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:c1b1addb2f2a7c84de8e0c50e6015921bc5f8f19c6c3defe090fc643e2a59fc4_s390x", "8Base-RHOSE-4.8:openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:5ff00e93833c3d916988979303e7bc0fe21b1da50ecbfbbf4d0545ef45b535ab_amd64", "8Base-RHOSE-4.8:openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:818f036319edf0d327b3d7b8c474e62181b645091bd78039f8af6bc9d06ec3c2_s390x", "8Base-RHOSE-4.8:openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:a2ec2c2c86e2dbc1471758f25942d74489bf011bcc905d4e27edb38f57835ac3_ppc64le", "8Base-RHOSE-4.8:openshift4/ptp-must-gather-rhel8@sha256:16135e26bab08312237920621dfdda19de439cafa3496336a5bb036ba6aab810_s390x", "8Base-RHOSE-4.8:openshift4/ptp-must-gather-rhel8@sha256:7e7c5e847bec122955563c7c2ed9de3d798155ea77ad13c528fdc173b817e811_amd64", "8Base-RHOSE-4.8:openshift4/ptp-must-gather-rhel8@sha256:94572c353a049edb1ebc935a73a15e78ef399b9f15f3bb9b8bf376f1b37dff87_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44832" }, { "category": "external", "summary": "RHBZ#2035951", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035951" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44832", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44832" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44832", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44832" }, { "category": "external", "summary": "https://issues.apache.org/jira/browse/LOG4J2-3293", "url": "https://issues.apache.org/jira/browse/LOG4J2-3293" } ], "release_date": "2021-12-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-02-16T15:04:02+00:00", "details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.8:openshift4/ose-metering-hive@sha256:5431d1a3f9f479600db352feee682ce8e31d9b1d62f7c06e7fe0138a1aca7044_amd64", "8Base-RHOSE-4.8:openshift4/ose-metering-presto@sha256:cd1d23fd5dff2a78fba377fbb3b1c63d922877af09f17e1c1f898eeaa4891c03_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0485" }, { "category": "workaround", "details": "As per upstream:\n- In prior releases confirm that if the JDBC Appender is being used it is not configured to use any protocol other than Java.\n- Note that only the log4j-core JAR file is impacted by this vulnerability. Applications using only the log4j-api JAR file without the log4j-core JAR file are not impacted by this vulnerability.", "product_ids": [ "8Base-RHOSE-4.8:openshift4/kubernetes-nmstate-rhel8-operator@sha256:04af6b907f56fe1255345a4d5dd23908e6fe51b63da2d86812f0301f97b8abe8_ppc64le", "8Base-RHOSE-4.8:openshift4/kubernetes-nmstate-rhel8-operator@sha256:401efb6b2a736bc00475df75c05178f2b5a01a917e416b166ba77b084984bbb0_s390x", "8Base-RHOSE-4.8:openshift4/kubernetes-nmstate-rhel8-operator@sha256:bf92e1a223de2fe51d8e702f7bcd924e83378b99a249e76f1f8db7167a34e155_amd64", "8Base-RHOSE-4.8:openshift4/ose-ansible-operator@sha256:16268bec56efd542c49bdd5ce8934d7edfe81ee2e11f716bfba09afda1096ccd_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-ansible-operator@sha256:317b636846f5a4da94b8a44eb87b9d34721da8b819debdcfecb726b8d74537c4_amd64", "8Base-RHOSE-4.8:openshift4/ose-ansible-operator@sha256:678e89a0851566628a99981a5e395fc2a88936e5f1552a7f205e0c4dc4f34e58_s390x", "8Base-RHOSE-4.8:openshift4/ose-cluster-capacity@sha256:29eb94fd8e5cf6bd471ed30b0cd1d7f647588c14c93a148f8f332cd21ee94542_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-cluster-capacity@sha256:91d7fad60dbc99ea4b1393d9f47de64d145dd3302b199edb7922efbc3a223c40_s390x", "8Base-RHOSE-4.8:openshift4/ose-cluster-capacity@sha256:a8b224b9187b51c7b6251488f84bc86ec5e54bad0515c1516d6f535a2ad5a6d7_amd64", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-descheduler-operator@sha256:24380dc5d13f84e5b3d35bcf6e183ab697a8b9f997c4808027dbe396a075e389_amd64", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-descheduler-operator@sha256:4210a5b83b7a6dce2e8b5e9c74b2c2858b4441c7e7046dc1bc47d13bade5b344_s390x", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-descheduler-operator@sha256:7de02a3794875b503787352cc1ba1774ca2bc48e717668323b135f2b4d03bab2_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:24380dc5d13f84e5b3d35bcf6e183ab697a8b9f997c4808027dbe396a075e389_amd64", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:4210a5b83b7a6dce2e8b5e9c74b2c2858b4441c7e7046dc1bc47d13bade5b344_s390x", "8Base-RHOSE-4.8:openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:7de02a3794875b503787352cc1ba1774ca2bc48e717668323b135f2b4d03bab2_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-cluster-nfd-operator@sha256:050f5694076ad7712ea486db9c3a6da60f14a6bcdefb93f09ae5a5d0d2350216_s390x", "8Base-RHOSE-4.8:openshift4/ose-cluster-nfd-operator@sha256:3e804e2a87f3d4466ec45163ec1b8a7f5f8621a8dafba7359639319def652df7_amd64", "8Base-RHOSE-4.8:openshift4/ose-cluster-nfd-operator@sha256:69325720dac7c66e759da3a932d6d11694b446809a2acd705bcd010662f119ac_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:a2b533899da262cc3dcdec64b353b4373c692c65795d092735110ffe14b1f405_s390x", "8Base-RHOSE-4.8:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:e78a6496a8fe3bf67a1575cab28d8f9829ff2c9506cec53dc28cd08f1382641a_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:f426e6f2bbd416978f1bc731e061eb908cd34736180e92a6d76cbcc00d494ea0_amd64", "8Base-RHOSE-4.8:openshift4/ose-clusterresourceoverride-rhel8@sha256:4361d04e51268ebc0048167a60b69b789b9e4158e819979a2996fc2a79a0183e_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-clusterresourceoverride-rhel8@sha256:7f80896dc1acc9d9af477d753e7fafe3d828e5b35fb123fda05c272c93efaae4_amd64", "8Base-RHOSE-4.8:openshift4/ose-clusterresourceoverride-rhel8@sha256:862a2025b5f3a3e7569fe6fcdb08d008318daf7b7818dbff9bc571d053360ab1_s390x", "8Base-RHOSE-4.8:openshift4/ose-descheduler@sha256:4f9de0b544a418c728d7921b031268687b315273256b1b964de87602b552f559_s390x", "8Base-RHOSE-4.8:openshift4/ose-descheduler@sha256:b5ad38974bb046acc284d81615f89be45cc88ee94dd202715a84048ff666de39_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-descheduler@sha256:c646e3a5e81cff6f9e5fd0d590acff2a8ae1c0a36cb7bc5210f6285d8dc06817_amd64", "8Base-RHOSE-4.8:openshift4/ose-egress-dns-proxy@sha256:45e93e144f0401c1b18a98864544e8e57439a5aae0937796a52cfbb5b5657620_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-egress-dns-proxy@sha256:7e578789946a853c299254cc9092f815c59333551fc7bcdf0cec4ee8bd0975f7_amd64", "8Base-RHOSE-4.8:openshift4/ose-egress-dns-proxy@sha256:fa2b319dade615c79b26363fa35ff7519b890ceca1a316ba7b4a13ac2dfe3392_s390x", "8Base-RHOSE-4.8:openshift4/ose-egress-http-proxy@sha256:26f61e722fc9110448b6c851d8c9e0e49c8d31ee6bbc678ea27767fe8351ad5b_amd64", "8Base-RHOSE-4.8:openshift4/ose-egress-http-proxy@sha256:39a831a45748dfd91a1d20f68481fbc82bd3fefa4cb5ff87aab478770582de2f_s390x", "8Base-RHOSE-4.8:openshift4/ose-egress-http-proxy@sha256:cef6c19c4b400e88a5231b626970ca205af002ae004f0e40c2bb5b3281abb44b_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-egress-router@sha256:4b3083b15eb27c5f3359498c3d76eab277f55264b1d1f50a560176e2cf471bde_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-egress-router@sha256:9c5ea6554b499063a4056685d22bc4b8e553bacbacd8f5b6c6c70029b7c691c2_amd64", "8Base-RHOSE-4.8:openshift4/ose-egress-router@sha256:c8948bfb7437e445a58323c456979829d738f69d192b308af112793a44ece6be_s390x", "8Base-RHOSE-4.8:openshift4/ose-ghostunnel@sha256:d24324d2a5f5db35706160389fd0504529847b610b67c946426dd2d5c580333c_amd64", "8Base-RHOSE-4.8:openshift4/ose-helm-operator@sha256:2da0cd361bc6553072e88c8360dcf6d892ca6c3d34c98bdfa611105559373e98_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-helm-operator@sha256:aded3473d75a263d10d7f4f3db50366a00b1c592608c187f35e43dcf33d4cc92_s390x", "8Base-RHOSE-4.8:openshift4/ose-helm-operator@sha256:df4243dbedfc6b134f48d8e839c859a55070dd816fcebf64da40f1ff86d1a6e8_amd64", "8Base-RHOSE-4.8:openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:13d228ad69d3d76bd7af3eab87c2122016c29aca7930d83b7b084726ea62b3b6_amd64", "8Base-RHOSE-4.8:openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:3a1ede2d5f064cdc9c3dcae93122e30fe6acb8962905ea739484840c028767eb_s390x", "8Base-RHOSE-4.8:openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:6df1c3e3f99b59c1dcc1ba4bc50aef9638ec28eeb4a358316b6b5c5eb9ce1c1a_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-local-storage-diskmaker@sha256:4fb057e9824cccd554b9295e8c1b4cfc16ffb3eecc2211fa1e1a312f7a79c949_s390x", "8Base-RHOSE-4.8:openshift4/ose-local-storage-diskmaker@sha256:5e7b1da76d30b757db38feef9ac254d1e36b04fe8d6ffab13ba147d0cff88974_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-local-storage-diskmaker@sha256:75bc3a0ac9201a825d2aaa1a8af28db620c40e95e25b5e1b6b3e00e507bccdcc_amd64", "8Base-RHOSE-4.8:openshift4/ose-local-storage-mustgather-rhel8@sha256:06a330662e9a8f5aeae9ae9f85db9f25d8b96821f86437a9198ef626979b9b23_amd64", "8Base-RHOSE-4.8:openshift4/ose-local-storage-mustgather-rhel8@sha256:7aa0f9ceaa8663081cf19d8a2c689d6356d467ce5ccfb1a6140101f5a47973b6_s390x", "8Base-RHOSE-4.8:openshift4/ose-local-storage-mustgather-rhel8@sha256:b83bc8b9652ca1d2ff55733ba68f8eaca1542e5318b6860935d12244b240a3f2_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-local-storage-operator@sha256:1867e7f843577448af26b84cdfb7489b295c5db3eb0faa1eac334b491bf96848_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-local-storage-operator@sha256:8bf7c9546ffbab5678776abe5a25460f3ffdc166ffbfb65f4a674bac26e0dfae_amd64", "8Base-RHOSE-4.8:openshift4/ose-local-storage-operator@sha256:b0ca8c3ea4511b5255ef9638f01fefaa6f2e93400a0409360c81d26e8ef8f493_s390x", "8Base-RHOSE-4.8:openshift4/ose-local-storage-static-provisioner@sha256:030c266a9d55bd63d837fae36a1550a2607e684e8ccfd78fb229b2a028d8897f_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-local-storage-static-provisioner@sha256:2365ccb37a8f91f4ce8c0681e304f98f9468ccd3e7e9cb6bfe7e7179cdad9998_s390x", "8Base-RHOSE-4.8:openshift4/ose-local-storage-static-provisioner@sha256:bcff1893ff84874958f43dd84a22f56f7648dfda34236f4ad87e2a964cf33cd9_amd64", "8Base-RHOSE-4.8:openshift4/ose-metering-ansible-operator@sha256:7576005fb1ee5c89807a5c74c17a6beebdde06f39950d421354c8827e38dad37_amd64", "8Base-RHOSE-4.8:openshift4/ose-metering-hadoop@sha256:3a6ae11db1f9f60674295b5b9feebbc19e1c8318390a00dd1314f56adace118c_amd64", "8Base-RHOSE-4.8:openshift4/ose-metering-helm-container-rhel8@sha256:604d7a9033dd87cb30f0e9b35275432e0a6c7637e3cdf54c4710759e4f40ed18_s390x", "8Base-RHOSE-4.8:openshift4/ose-metering-helm-container-rhel8@sha256:687162ae42b470a8fcfa409380f335265fe608bac5d3bc9511046cf4640f5017_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-metering-helm-container-rhel8@sha256:982bc5a04515bf30e88eff06b742ee4b0720d26b2039aef229e89ea52bc4322a_amd64", "8Base-RHOSE-4.8:openshift4/ose-metering-hive@sha256:5431d1a3f9f479600db352feee682ce8e31d9b1d62f7c06e7fe0138a1aca7044_amd64", "8Base-RHOSE-4.8:openshift4/ose-metering-presto@sha256:cd1d23fd5dff2a78fba377fbb3b1c63d922877af09f17e1c1f898eeaa4891c03_amd64", "8Base-RHOSE-4.8:openshift4/ose-metering-reporting-operator@sha256:5bcd150f1b2752413a16deb287e08250e357ce220216df626ad5a9086c16ce6e_amd64", "8Base-RHOSE-4.8:openshift4/ose-node-feature-discovery@sha256:6db511807c1e544de32eb9baba909766c53eac4a721852420c6aabc8de4b8684_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-node-feature-discovery@sha256:a2c9410fb28d810e26166c6d07af2885e4ac88ec73d95bf152da6e26e00f8086_s390x", "8Base-RHOSE-4.8:openshift4/ose-node-feature-discovery@sha256:d66763784469579e744a627d49d9e125f0d6c69ac3542336fd28c73180af98bb_amd64", "8Base-RHOSE-4.8:openshift4/ose-node-problem-detector-rhel8@sha256:05c5fff8726da0dbd9270314bf227eda559969e5abcbabd25078fa7e4f1e99eb_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-node-problem-detector-rhel8@sha256:3fddde918aae7343b55fb4bdd8273d8a928030d95465cb4c699d92958761a7a1_amd64", "8Base-RHOSE-4.8:openshift4/ose-node-problem-detector-rhel8@sha256:5244cc96a46219c5ba7c1c52fd52c5c8a70d6534567caa47f01ed7fbc9a8e4e8_s390x", "8Base-RHOSE-4.8:openshift4/ose-operator-sdk-rhel8@sha256:16080cfd97370db5530d0e58f87bfc2c9c784c2536ce3adc6a159f7ab9575ac9_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-operator-sdk-rhel8@sha256:7cb3e37cdab015a525dd1e7e9830c50d290ab64d939755aa733182fde5822282_s390x", "8Base-RHOSE-4.8:openshift4/ose-operator-sdk-rhel8@sha256:7f191475c9dd43d6b40efd4b565bf677af22b1b654e0f5d8829b4831abc715d5_amd64", "8Base-RHOSE-4.8:openshift4/ose-ptp-operator@sha256:4217ce881595e87ceab2fa0cf973b0fc991e0ebf73f6d5b267aaaecc3a03ad88_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-ptp-operator@sha256:bb73adc511485987f4b20db03ef164ea82c28bf1fb3cf5c50ecaa3b8bd5e268f_amd64", "8Base-RHOSE-4.8:openshift4/ose-ptp-operator@sha256:d2e84963c0a4b8c4837c600dcd45a4ec85582dcb277cc5a342772cfaf37a02d6_s390x", "8Base-RHOSE-4.8:openshift4/ose-ptp@sha256:3265800679156b9f4efebfe7f3d887ff804fa5eff6a33fcf4fdec96510a7d0a4_amd64", "8Base-RHOSE-4.8:openshift4/ose-ptp@sha256:50f1a02f7ddd5e78a607a2d87e1a1d87e6d40dbab914c81a4b7c926446ae7c3f_s390x", "8Base-RHOSE-4.8:openshift4/ose-ptp@sha256:b72f280d30c133785e64681fbc8c9464c1d495815d066947a8904b6a1eac7554_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-service-idler-rhel8@sha256:748ff477aab34a52314b3a25c8bc7af0b79938e33c5b0b03d63c2be288884556_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-service-idler-rhel8@sha256:7655843623686ef2110b391115053ec888b3bfba3e93f7fa015a4ddf59a2c6e1_s390x", "8Base-RHOSE-4.8:openshift4/ose-service-idler-rhel8@sha256:dbc79719030b91a0879a1646a677fe7858f8e6552c496cfd5025430e6672d3c3_amd64", "8Base-RHOSE-4.8:openshift4/ose-sriov-cni@sha256:128e08b126309830bece2d61b1095318a44fdb6437a1264a98922b92a9b56339_amd64", "8Base-RHOSE-4.8:openshift4/ose-sriov-cni@sha256:4ead46ef89a7fc3c96a27426f1594f9403abe2d149f1a06f4e8c23a1435793a0_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-sriov-cni@sha256:de25d1ab45eec3791e0429c14cd159c2cf0e06f60538eea58a3884ba8ec0c437_s390x", "8Base-RHOSE-4.8:openshift4/ose-sriov-dp-admission-controller@sha256:035ee520fd3303409a8a622fbfdc092495705533e687afd5a507269ff2888672_s390x", "8Base-RHOSE-4.8:openshift4/ose-sriov-dp-admission-controller@sha256:3740692124ba1131c412665eb689db7d1fc90bc96df32905efa4c81295834a1d_amd64", "8Base-RHOSE-4.8:openshift4/ose-sriov-dp-admission-controller@sha256:92fdeb3673145a77ff34decadc8a406cd05ce83afbbc848821717d2bc127f4db_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-sriov-infiniband-cni@sha256:4419994e773ba864245ad4763cecd5383e1782cf81f53977580ed5c70581a2a1_s390x", "8Base-RHOSE-4.8:openshift4/ose-sriov-infiniband-cni@sha256:d3a01146298d996f4d5cc8114cb31c38fc332bbaa6056dbbc0c06580033df02f_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-sriov-infiniband-cni@sha256:e316ddfe57eb0f75f1d05f6b449f7f2746b345155729e037012d9081bcdfe11a_amd64", "8Base-RHOSE-4.8:openshift4/ose-sriov-network-config-daemon@sha256:5d684abc03e26dd161328261d5c4c05f18afb91b92bb2e9e3934f371f7ae5e9c_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-sriov-network-config-daemon@sha256:e2210baeb0be9422275445e978f4f2ca2813476f0fdc39b239b9edb4add588a0_amd64", "8Base-RHOSE-4.8:openshift4/ose-sriov-network-config-daemon@sha256:edee9914747f7b1a871dfbf8e0ada436fd853f9cb8b4f25bd6a3ae8f2d8b0851_s390x", "8Base-RHOSE-4.8:openshift4/ose-sriov-network-device-plugin@sha256:7165575c0b49cf25bdafbb7390199d2a957322147fadfdce1401afc10dfcb37d_amd64", "8Base-RHOSE-4.8:openshift4/ose-sriov-network-device-plugin@sha256:d5567efab982e51026761e1cb5a120f2eed54033550cbac5c4b78620b5a775ce_s390x", "8Base-RHOSE-4.8:openshift4/ose-sriov-network-device-plugin@sha256:f54ddc9b51cc0878cb4771c8b55bee97ed02b003395f19ef9500c91cceccf134_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-sriov-network-operator@sha256:34af2eab98fe5ead527de11fd495642f49e955e17064cc8cf1674b13b362efac_s390x", "8Base-RHOSE-4.8:openshift4/ose-sriov-network-operator@sha256:53bd17fd25accba8ed846c3906bfc140851c43cab9e599103a6df559d89b8323_amd64", "8Base-RHOSE-4.8:openshift4/ose-sriov-network-operator@sha256:66ad156d2d59b0d47cedc94b9118e6e1107325ab5ba44375613f892d64d09956_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-sriov-network-webhook@sha256:3e648c0a96ae8024e5443782eb2afe8e3a2c716ee9dd20263fe3cad2d4c293dd_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-sriov-network-webhook@sha256:59dead9be2c8e873496653be6570c8aeffb1a9b420ba00200aae3506f1a1798e_s390x", "8Base-RHOSE-4.8:openshift4/ose-sriov-network-webhook@sha256:e86bcdbfd6ac7e6cfb846d5a639a32f87f5500230044a8c299c28cfce1850f54_amd64", "8Base-RHOSE-4.8:openshift4/ose-sriov-operator-must-gather@sha256:92b3d9d0f17b66c8856e795745282d0cc856cd2c8bf66dfa3beb9b0675fa5e1d_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-sriov-operator-must-gather@sha256:baa3b6da137bc048f57d656f938c71d26e8240f4a5a7d99dab584a1662d19188_s390x", "8Base-RHOSE-4.8:openshift4/ose-sriov-operator-must-gather@sha256:e8dc9605891487bf743f20225f2bff4add607946d9b97da24f06bc0a3a5c4b6d_amd64", "8Base-RHOSE-4.8:openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:8894179aee32aea7d875499179bfc1783a1d81e052ee47499cb3b34ae7d4d18b_amd64", "8Base-RHOSE-4.8:openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:9e1d1bf31fa04b05b46e04cb564361ae8387fa06da5ec019a475a11ef7ff9358_ppc64le", "8Base-RHOSE-4.8:openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:c1b1addb2f2a7c84de8e0c50e6015921bc5f8f19c6c3defe090fc643e2a59fc4_s390x", "8Base-RHOSE-4.8:openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:5ff00e93833c3d916988979303e7bc0fe21b1da50ecbfbbf4d0545ef45b535ab_amd64", "8Base-RHOSE-4.8:openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:818f036319edf0d327b3d7b8c474e62181b645091bd78039f8af6bc9d06ec3c2_s390x", "8Base-RHOSE-4.8:openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:a2ec2c2c86e2dbc1471758f25942d74489bf011bcc905d4e27edb38f57835ac3_ppc64le", "8Base-RHOSE-4.8:openshift4/ptp-must-gather-rhel8@sha256:16135e26bab08312237920621dfdda19de439cafa3496336a5bb036ba6aab810_s390x", "8Base-RHOSE-4.8:openshift4/ptp-must-gather-rhel8@sha256:7e7c5e847bec122955563c7c2ed9de3d798155ea77ad13c528fdc173b817e811_amd64", "8Base-RHOSE-4.8:openshift4/ptp-must-gather-rhel8@sha256:94572c353a049edb1ebc935a73a15e78ef399b9f15f3bb9b8bf376f1b37dff87_ppc64le" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.8:openshift4/ose-metering-hive@sha256:5431d1a3f9f479600db352feee682ce8e31d9b1d62f7c06e7fe0138a1aca7044_amd64", "8Base-RHOSE-4.8:openshift4/ose-metering-presto@sha256:cd1d23fd5dff2a78fba377fbb3b1c63d922877af09f17e1c1f898eeaa4891c03_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "log4j-core: remote code execution via JDBC Appender" } ] }
rhsa-2022_0216
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Low" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4.\n\nSecurity Fix(es):\n\n* log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)\n\n* log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228) (CVE-2021-45046)\n\n* log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern (CVE-2021-45105)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:0216", "url": "https://access.redhat.com/errata/RHSA-2022:0216" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#low", "url": "https://access.redhat.com/security/updates/classification/#low" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=appplatform\u0026version=7.4", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=appplatform\u0026version=7.4" }, { "category": "external", "summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009", "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009" }, { "category": "external", "summary": "https://access.redhat.com/solutions/6577421", "url": "https://access.redhat.com/solutions/6577421" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/" }, { "category": "external", "summary": "2032580", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2032580" }, { "category": "external", "summary": "2034067", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034067" }, { "category": "external", "summary": "2035951", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035951" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0216.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4 security update", "tracking": { "current_release_date": "2024-11-15T10:44:01+00:00", "generator": { "date": "2024-11-15T10:44:01+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2022:0216", "initial_release_date": "2022-01-20T16:00:06+00:00", "revision_history": [ { "date": "2022-01-20T16:00:06+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-01-20T16:00:06+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T10:44:01+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "EAP 7.4 log4j async", "product": { "name": "EAP 7.4 log4j async", "product_id": "EAP 7.4 log4j async", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-44832", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-12-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2035951" } ], "notes": [ { "category": "description", "text": "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j-core: remote code execution via JDBC Appender", "title": "Vulnerability summary" }, { "category": "other", "text": "Log4j 1.x is not impacted by this vulnerability. Therefore versions of log4j shipped with Red Hat Enterprise Linux are NOT affected by this flaw.\n\nFor Elasticsearch, as shipped in OpenShift Container Platform and OpenShift Logging, access to the log4j2.properties configuration is limited only to the cluster administrators and exploitation requires cluster logging changes, what reduced the impact of this vulnerability significantly [0].\n\n[0] https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476#update-jan-6-5", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "EAP 7.4 log4j async" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44832" }, { "category": "external", "summary": "RHBZ#2035951", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035951" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44832", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44832" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44832", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44832" }, { "category": "external", "summary": "https://issues.apache.org/jira/browse/LOG4J2-3293", "url": "https://issues.apache.org/jira/browse/LOG4J2-3293" } ], "release_date": "2021-12-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-01-20T16:00:06+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "EAP 7.4 log4j async" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0216" }, { "category": "workaround", "details": "As per upstream:\n- In prior releases confirm that if the JDBC Appender is being used it is not configured to use any protocol other than Java.\n- Note that only the log4j-core JAR file is impacted by this vulnerability. Applications using only the log4j-api JAR file without the log4j-core JAR file are not impacted by this vulnerability.", "product_ids": [ "EAP 7.4 log4j async" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "EAP 7.4 log4j async" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "log4j-core: remote code execution via JDBC Appender" }, { "cve": "CVE-2021-45046", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-12-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2032580" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.16.0. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input using a JNDI Lookup pattern resulting in remote code execution (RCE) in a limited number of environments.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)", "title": "Vulnerability summary" }, { "category": "other", "text": "Although we have matched Apache\u0027s CVSS score, with the exception of the scope metric which will remain unaltered at \"unchanged\"; as we believe code execution would be at the permission levels of the running JVM and not exceeding that of the original CVE-2021-44228 flaw.\n \nWe have given this vulnerability an impact rating of Moderate, this is because of the unlikely nature of log4j lookup mapping values being derived from attacker controlled values. This is not the default configuration for end-applications using log4j 2.x and would require explicit action from a privileged user (a developer or administrator) to access the vulnerability. \nIn certain non-default configurations, it was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was insufficient.\n\nThis issue affects the log4j version between 2.0 and 2.15. Log4j 1.x is NOT impacted by this vulnerability. \n\nPrerequisites to exploit this flaw are :\n\n- A remotely accessible endpoint with any protocol (HTTP, TCP, etc) that allows an attacker to send arbitrary data,\n- A log statement in the endpoint that logs the attacker controlled data.\n- Log4j configuration file should be explicitly configured to use a non-default Pattern Layout with a Context Lookup eg. ($${ctx:loginId}) \n\nIn most cases, the mitigation suggested for CVE-2021-44228 (i.e. to set the system property `log4j2.noFormatMsgLookup` to `true) does NOT mitigate this specific vulnerability. \nLog4j 2.16.0 fixes this issue by removing support for message lookup patterns and disabling JNDI functionality by default.\n\nFor Elasticsearch, as shipped in OpenShift 3.11, the \"log4j2.formatMsgNoLookups=true\" system property mitigation is sufficient as there are no included non-standard configurations that allow for exploitation:\n\nhttps://github.com/openshift/openshift-ansible/blob/release-3.11/roles/openshift_logging_elasticsearch/templates/log4j2.properties.j2\n\nhttps://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476\n\nFor CodeReady Studio the fix for this flaw is available on CodeReady Studio 12.21.3 and above versions.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "EAP 7.4 log4j async" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-45046" }, { "category": "external", "summary": "RHBZ#2032580", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2032580" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-45046", "url": "https://www.cve.org/CVERecord?id=CVE-2021-45046" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-45046", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45046" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2021-44228", "url": "https://access.redhat.com/security/cve/CVE-2021-44228" }, { "category": "external", "summary": "https://logging.apache.org/log4j/2.x/security.html", "url": "https://logging.apache.org/log4j/2.x/security.html" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2021/12/14/4", "url": "https://www.openwall.com/lists/oss-security/2021/12/14/4" }, { "category": "external", "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog" } ], "release_date": "2021-12-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-01-20T16:00:06+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "EAP 7.4 log4j async" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0216" }, { "category": "workaround", "details": "For Log4j versions up to and including 2.15.0, this issue can be mitigated by removing the JndiLookup class from the classpath (example: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class).", "product_ids": [ "EAP 7.4 log4j async" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "EAP 7.4 log4j async" ] } ], "threats": [ { "category": "exploit_status", "date": "2023-05-01T00:00:00+00:00", "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog" }, { "category": "impact", "details": "Low" } ], "title": "log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)" }, { "cve": "CVE-2021-45105", "cwe": { "id": "CWE-674", "name": "Uncontrolled Recursion" }, "discovery_date": "2021-12-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2034067" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Apache Log4j logging library 2.x. when the logging configuration uses a non-default Pattern Layout with a Context Lookup. Attackers with control over Thread Context Map (MDC) input data can craft malicious input data that contains a recursive lookup and can cause Denial of Service.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security has performed an analysis of this flaw and has classified the Attack Complexity(AC) as High because there are multiple factors involved which are beyond attacker\u0027s control:\n\n- The application has to use the logging configuration using a Context Map Lookup (for example, $${ctx:loginId}) which is a non-default Pattern Layout.\n- The application developer has to use the map org.apache.logging.log4j.ThreadContext in the application code and save at-least one key (for example, ThreadContext.put(\"loginId\", \"myId\");) in the ThreadContext map object.\n- Attackers must also know this saved key name in order to exploit this flaw.\n\nNote that saving keys in this map is a non-essential usage of log4j and just an optional feature provided. Refer to https://logging.apache.org/log4j/2.x/manual/lookups.html#ContextMapLookup to know more about the Context Map Lookup feature of Log4j.\n\nLog4j 1.x is not impacted by this vulnerability. Note that only the log4j-core JAR file is impacted by this vulnerability. Applications using ONLY the log4j-api JAR file without the log4j-core JAR file are NOT impacted by this vulnerability.\n\n\nDespite including a vulnerable version of Log4j 2.x, this vulnerability is not exploitable in Elasticsearch[0], as shipped in OpenShift Container Platform and OpenShift Logging. OpenShift 3.11 specifically does not contain any context lookups:\n\nhttps://github.com/openshift/openshift-ansible/blob/release-3.11/roles/openshift_logging_elasticsearch/templates/log4j2.properties.j2\n\nThis vulnerability is therefore rated Low for Elasticsearch in OpenShift Container Platform and OpenShift Logging.\n\n[0] https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476#update-december-18-4", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "EAP 7.4 log4j async" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-45105" }, { "category": "external", "summary": "RHBZ#2034067", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034067" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-45105", "url": "https://www.cve.org/CVERecord?id=CVE-2021-45105" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-45105", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45105" }, { "category": "external", "summary": "https://issues.apache.org/jira/browse/LOG4J2-3230", "url": "https://issues.apache.org/jira/browse/LOG4J2-3230" }, { "category": "external", "summary": "https://logging.apache.org/log4j/2.x/security.html", "url": "https://logging.apache.org/log4j/2.x/security.html" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2021/12/19/1", "url": "https://www.openwall.com/lists/oss-security/2021/12/19/1" } ], "release_date": "2021-12-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-01-20T16:00:06+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "EAP 7.4 log4j async" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0216" }, { "category": "workaround", "details": "For Log4j 2 versions up to and including 2.16.0, this flaw can be mitigated by:\n- In PatternLayout in the Log4j logging configuration, replace Context Lookups like ${ctx:loginId} or $${ctx:loginId} with Thread Context Map patterns (%X, %mdc, or %MDC) like %X{loginId}.\n- Otherwise, in the Log4j logging configuration, remove references to Context Lookups like ${ctx:loginId} or $${ctx:loginId} where they originate from sources external to the application such as HTTP headers or user input.", "product_ids": [ "EAP 7.4 log4j async" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "EAP 7.4 log4j async" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern" } ] }
rhsa-2022_0205
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for Red Hat Data Grid is now available.\n \nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. It increases application response times and allows for dramatically improving performance while providing availability, reliability, and elastic scale.\n \nData Grid 8.2.3 replaces Data Grid 8.2.2 and includes bug fixes and enhancements. Find out more about Data Grid 8.2.3 in the Release Notes [3].\n\nSecurity Fix(es):\n\n* log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)\n\n* log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228) (CVE-2021-45046)\n\n* log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern (CVE-2021-45105)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:0205", "url": "https://access.redhat.com/errata/RHSA-2022:0205" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=data.grid\u0026version=8.2", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=data.grid\u0026version=8.2" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/8.2/html-single/red_hat_data_grid_8.2_release_notes/index", "url": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/8.2/html-single/red_hat_data_grid_8.2_release_notes/index" }, { "category": "external", "summary": "2032580", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2032580" }, { "category": "external", "summary": "2034067", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034067" }, { "category": "external", "summary": "2035951", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035951" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0205.json" } ], "title": "Red Hat Security Advisory: Red Hat Data Grid 8.2.3 security update", "tracking": { "current_release_date": "2024-11-15T10:44:10+00:00", "generator": { "date": "2024-11-15T10:44:10+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2022:0205", "initial_release_date": "2022-01-20T11:39:58+00:00", "revision_history": [ { "date": "2022-01-20T11:39:58+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-01-20T11:39:58+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T10:44:10+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Data Grid 8.2.3", "product": { "name": "Red Hat Data Grid 8.2.3", "product_id": "Red Hat Data Grid 8.2.3", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_data_grid:8.2" } } } ], "category": "product_family", "name": "Red Hat JBoss Data Grid" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-44832", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-12-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2035951" } ], "notes": [ { "category": "description", "text": "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j-core: remote code execution via JDBC Appender", "title": "Vulnerability summary" }, { "category": "other", "text": "Log4j 1.x is not impacted by this vulnerability. Therefore versions of log4j shipped with Red Hat Enterprise Linux are NOT affected by this flaw.\n\nFor Elasticsearch, as shipped in OpenShift Container Platform and OpenShift Logging, access to the log4j2.properties configuration is limited only to the cluster administrators and exploitation requires cluster logging changes, what reduced the impact of this vulnerability significantly [0].\n\n[0] https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476#update-jan-6-5", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 8.2.3" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44832" }, { "category": "external", "summary": "RHBZ#2035951", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035951" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44832", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44832" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44832", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44832" }, { "category": "external", "summary": "https://issues.apache.org/jira/browse/LOG4J2-3293", "url": "https://issues.apache.org/jira/browse/LOG4J2-3293" } ], "release_date": "2021-12-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-01-20T11:39:58+00:00", "details": "To install this update, do the following:\n \n1. Download the Data Grid 8.2.3 server patch from the customer portal[\u00b2].\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 8.2.3 server patch. Refer to the 8.2.3 Release Notes[\u00b3] for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 8.2.3" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0205" }, { "category": "workaround", "details": "As per upstream:\n- In prior releases confirm that if the JDBC Appender is being used it is not configured to use any protocol other than Java.\n- Note that only the log4j-core JAR file is impacted by this vulnerability. Applications using only the log4j-api JAR file without the log4j-core JAR file are not impacted by this vulnerability.", "product_ids": [ "Red Hat Data Grid 8.2.3" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Data Grid 8.2.3" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "log4j-core: remote code execution via JDBC Appender" }, { "cve": "CVE-2021-45046", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-12-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2032580" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.16.0. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input using a JNDI Lookup pattern resulting in remote code execution (RCE) in a limited number of environments.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)", "title": "Vulnerability summary" }, { "category": "other", "text": "Although we have matched Apache\u0027s CVSS score, with the exception of the scope metric which will remain unaltered at \"unchanged\"; as we believe code execution would be at the permission levels of the running JVM and not exceeding that of the original CVE-2021-44228 flaw.\n \nWe have given this vulnerability an impact rating of Moderate, this is because of the unlikely nature of log4j lookup mapping values being derived from attacker controlled values. This is not the default configuration for end-applications using log4j 2.x and would require explicit action from a privileged user (a developer or administrator) to access the vulnerability. \nIn certain non-default configurations, it was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was insufficient.\n\nThis issue affects the log4j version between 2.0 and 2.15. Log4j 1.x is NOT impacted by this vulnerability. \n\nPrerequisites to exploit this flaw are :\n\n- A remotely accessible endpoint with any protocol (HTTP, TCP, etc) that allows an attacker to send arbitrary data,\n- A log statement in the endpoint that logs the attacker controlled data.\n- Log4j configuration file should be explicitly configured to use a non-default Pattern Layout with a Context Lookup eg. ($${ctx:loginId}) \n\nIn most cases, the mitigation suggested for CVE-2021-44228 (i.e. to set the system property `log4j2.noFormatMsgLookup` to `true) does NOT mitigate this specific vulnerability. \nLog4j 2.16.0 fixes this issue by removing support for message lookup patterns and disabling JNDI functionality by default.\n\nFor Elasticsearch, as shipped in OpenShift 3.11, the \"log4j2.formatMsgNoLookups=true\" system property mitigation is sufficient as there are no included non-standard configurations that allow for exploitation:\n\nhttps://github.com/openshift/openshift-ansible/blob/release-3.11/roles/openshift_logging_elasticsearch/templates/log4j2.properties.j2\n\nhttps://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476\n\nFor CodeReady Studio the fix for this flaw is available on CodeReady Studio 12.21.3 and above versions.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 8.2.3" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-45046" }, { "category": "external", "summary": "RHBZ#2032580", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2032580" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-45046", "url": "https://www.cve.org/CVERecord?id=CVE-2021-45046" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-45046", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45046" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2021-44228", "url": "https://access.redhat.com/security/cve/CVE-2021-44228" }, { "category": "external", "summary": "https://logging.apache.org/log4j/2.x/security.html", "url": "https://logging.apache.org/log4j/2.x/security.html" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2021/12/14/4", "url": "https://www.openwall.com/lists/oss-security/2021/12/14/4" }, { "category": "external", "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog" } ], "release_date": "2021-12-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-01-20T11:39:58+00:00", "details": "To install this update, do the following:\n \n1. Download the Data Grid 8.2.3 server patch from the customer portal[\u00b2].\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 8.2.3 server patch. Refer to the 8.2.3 Release Notes[\u00b3] for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 8.2.3" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0205" }, { "category": "workaround", "details": "For Log4j versions up to and including 2.15.0, this issue can be mitigated by removing the JndiLookup class from the classpath (example: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class).", "product_ids": [ "Red Hat Data Grid 8.2.3" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Data Grid 8.2.3" ] } ], "threats": [ { "category": "exploit_status", "date": "2023-05-01T00:00:00+00:00", "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog" }, { "category": "impact", "details": "Moderate" } ], "title": "log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)" }, { "cve": "CVE-2021-45105", "cwe": { "id": "CWE-674", "name": "Uncontrolled Recursion" }, "discovery_date": "2021-12-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2034067" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Apache Log4j logging library 2.x. when the logging configuration uses a non-default Pattern Layout with a Context Lookup. Attackers with control over Thread Context Map (MDC) input data can craft malicious input data that contains a recursive lookup and can cause Denial of Service.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security has performed an analysis of this flaw and has classified the Attack Complexity(AC) as High because there are multiple factors involved which are beyond attacker\u0027s control:\n\n- The application has to use the logging configuration using a Context Map Lookup (for example, $${ctx:loginId}) which is a non-default Pattern Layout.\n- The application developer has to use the map org.apache.logging.log4j.ThreadContext in the application code and save at-least one key (for example, ThreadContext.put(\"loginId\", \"myId\");) in the ThreadContext map object.\n- Attackers must also know this saved key name in order to exploit this flaw.\n\nNote that saving keys in this map is a non-essential usage of log4j and just an optional feature provided. Refer to https://logging.apache.org/log4j/2.x/manual/lookups.html#ContextMapLookup to know more about the Context Map Lookup feature of Log4j.\n\nLog4j 1.x is not impacted by this vulnerability. Note that only the log4j-core JAR file is impacted by this vulnerability. Applications using ONLY the log4j-api JAR file without the log4j-core JAR file are NOT impacted by this vulnerability.\n\n\nDespite including a vulnerable version of Log4j 2.x, this vulnerability is not exploitable in Elasticsearch[0], as shipped in OpenShift Container Platform and OpenShift Logging. OpenShift 3.11 specifically does not contain any context lookups:\n\nhttps://github.com/openshift/openshift-ansible/blob/release-3.11/roles/openshift_logging_elasticsearch/templates/log4j2.properties.j2\n\nThis vulnerability is therefore rated Low for Elasticsearch in OpenShift Container Platform and OpenShift Logging.\n\n[0] https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476#update-december-18-4", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 8.2.3" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-45105" }, { "category": "external", "summary": "RHBZ#2034067", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034067" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-45105", "url": "https://www.cve.org/CVERecord?id=CVE-2021-45105" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-45105", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45105" }, { "category": "external", "summary": "https://issues.apache.org/jira/browse/LOG4J2-3230", "url": "https://issues.apache.org/jira/browse/LOG4J2-3230" }, { "category": "external", "summary": "https://logging.apache.org/log4j/2.x/security.html", "url": "https://logging.apache.org/log4j/2.x/security.html" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2021/12/19/1", "url": "https://www.openwall.com/lists/oss-security/2021/12/19/1" } ], "release_date": "2021-12-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-01-20T11:39:58+00:00", "details": "To install this update, do the following:\n \n1. Download the Data Grid 8.2.3 server patch from the customer portal[\u00b2].\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 8.2.3 server patch. Refer to the 8.2.3 Release Notes[\u00b3] for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 8.2.3" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0205" }, { "category": "workaround", "details": "For Log4j 2 versions up to and including 2.16.0, this flaw can be mitigated by:\n- In PatternLayout in the Log4j logging configuration, replace Context Lookups like ${ctx:loginId} or $${ctx:loginId} with Thread Context Map patterns (%X, %mdc, or %MDC) like %X{loginId}.\n- Otherwise, in the Log4j logging configuration, remove references to Context Lookups like ${ctx:loginId} or $${ctx:loginId} where they originate from sources external to the application such as HTTP headers or user input.", "product_ids": [ "Red Hat Data Grid 8.2.3" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Data Grid 8.2.3" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern" } ] }
rhsa-2022_0138
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat AMQ Streams 2.0.0 is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. \n\nThis release of Red Hat AMQ Streams 2.0.0 serves as a replacement for Red Hat AMQ Streams 1.8.4, and includes security and bug fixes, and enhancements.\n\nSecurity Fix(es):\n\n* jetty: crafted URIs allow bypassing security constraints (CVE-2021-34429)\n\n* netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data (CVE-2021-37136)\n\n* netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)\n\n* Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients (CVE-2021-38153)\n\n* log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:0138", "url": "https://access.redhat.com/errata/RHSA-2022:0138" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.streams\u0026version=2.0.0", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.streams\u0026version=2.0.0" }, { "category": "external", "summary": "1985223", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1985223" }, { "category": "external", "summary": "2004133", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004133" }, { "category": "external", "summary": "2004135", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004135" }, { "category": "external", "summary": "2009041", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2009041" }, { "category": "external", "summary": "2035951", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035951" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0138.json" } ], "title": "Red Hat Security Advisory: Red Hat AMQ Streams 2.0.0 release and security update", "tracking": { "current_release_date": "2024-11-15T10:43:22+00:00", "generator": { "date": "2024-11-15T10:43:22+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2022:0138", "initial_release_date": "2022-01-13T15:25:07+00:00", "revision_history": [ { "date": "2022-01-13T15:25:07+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-01-13T15:25:08+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T10:43:22+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat AMQ Streams 2.0.0", "product": { "name": "Red Hat AMQ Streams 2.0.0", "product_id": "Red Hat AMQ Streams 2.0.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:amq_streams:2" } } } ], "category": "product_family", "name": "Red Hat JBoss AMQ" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-34429", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2021-07-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1985223" } ], "notes": [ { "category": "description", "text": "For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 \u0026 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5.", "title": "Vulnerability description" }, { "category": "summary", "text": "jetty: crafted URIs allow bypassing security constraints", "title": "Vulnerability summary" }, { "category": "other", "text": "OCP 3.11 is out of the support scope for Moderate and Low impact vulnerabilities because is already in the Maintenance Support phase, hence the affected OCP 3.11 component has been marked as \"ooss\".\n\nRed Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Critical flaws.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat AMQ Streams 2.0.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-34429" }, { "category": "external", "summary": "RHBZ#1985223", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1985223" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-34429", "url": "https://www.cve.org/CVERecord?id=CVE-2021-34429" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-34429", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34429" } ], "release_date": "2021-07-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-01-13T15:25:07+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat AMQ Streams 2.0.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0138" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat AMQ Streams 2.0.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jetty: crafted URIs allow bypassing security constraints" }, { "cve": "CVE-2021-37136", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-09-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2004133" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty\u0027s netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data", "title": "Vulnerability summary" }, { "category": "other", "text": "In the OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack ship the vulnerable version of netty-codec package. Since the release of OCP 4.6, the Metering product has been deprecated [1], so the affected components are marked as wontfix. This may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat AMQ Streams 2.0.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-37136" }, { "category": "external", "summary": "RHBZ#2004133", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004133" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-37136", "url": "https://www.cve.org/CVERecord?id=CVE-2021-37136" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37136", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37136" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", "url": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv" } ], "release_date": "2021-09-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-01-13T15:25:07+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat AMQ Streams 2.0.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0138" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat AMQ Streams 2.0.0" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data" }, { "cve": "CVE-2021-37137", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-09-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2004135" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Netty\u0027s netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat AMQ Streams 2.0.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-37137" }, { "category": "external", "summary": "RHBZ#2004135", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004135" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-37137", "url": "https://www.cve.org/CVERecord?id=CVE-2021-37137" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37137", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37137" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", "url": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv" } ], "release_date": "2021-09-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-01-13T15:25:07+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat AMQ Streams 2.0.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0138" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat AMQ Streams 2.0.0" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way" }, { "cve": "CVE-2021-38153", "cwe": { "id": "CWE-367", "name": "Time-of-check Time-of-use (TOCTOU) Race Condition" }, "discovery_date": "2021-09-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2009041" } ], "notes": [ { "category": "description", "text": "Some components in Apache Kafka use `Arrays.equals` to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been fixed. The affected versions include Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, 2.2.2, 2.3.0, 2.3.1, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.6.0, 2.6.1, 2.6.2, 2.7.0, 2.7.1, and 2.8.0.", "title": "Vulnerability description" }, { "category": "summary", "text": "Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat AMQ Streams 2.0.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-38153" }, { "category": "external", "summary": "RHBZ#2009041", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2009041" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-38153", "url": "https://www.cve.org/CVERecord?id=CVE-2021-38153" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-38153", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38153" } ], "release_date": "2021-09-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-01-13T15:25:07+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat AMQ Streams 2.0.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0138" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat AMQ Streams 2.0.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients" }, { "cve": "CVE-2021-44832", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-12-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2035951" } ], "notes": [ { "category": "description", "text": "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j-core: remote code execution via JDBC Appender", "title": "Vulnerability summary" }, { "category": "other", "text": "Log4j 1.x is not impacted by this vulnerability. Therefore versions of log4j shipped with Red Hat Enterprise Linux are NOT affected by this flaw.\n\nFor Elasticsearch, as shipped in OpenShift Container Platform and OpenShift Logging, access to the log4j2.properties configuration is limited only to the cluster administrators and exploitation requires cluster logging changes, what reduced the impact of this vulnerability significantly [0].\n\n[0] https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476#update-jan-6-5", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat AMQ Streams 2.0.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44832" }, { "category": "external", "summary": "RHBZ#2035951", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035951" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44832", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44832" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44832", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44832" }, { "category": "external", "summary": "https://issues.apache.org/jira/browse/LOG4J2-3293", "url": "https://issues.apache.org/jira/browse/LOG4J2-3293" } ], "release_date": "2021-12-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-01-13T15:25:07+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat AMQ Streams 2.0.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0138" }, { "category": "workaround", "details": "As per upstream:\n- In prior releases confirm that if the JDBC Appender is being used it is not configured to use any protocol other than Java.\n- Note that only the log4j-core JAR file is impacted by this vulnerability. Applications using only the log4j-api JAR file without the log4j-core JAR file are not impacted by this vulnerability.", "product_ids": [ "Red Hat AMQ Streams 2.0.0" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat AMQ Streams 2.0.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "log4j-core: remote code execution via JDBC Appender" }, { "cve": "CVE-2021-45046", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-12-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2032580" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.16.0. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input using a JNDI Lookup pattern resulting in remote code execution (RCE) in a limited number of environments.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)", "title": "Vulnerability summary" }, { "category": "other", "text": "Although we have matched Apache\u0027s CVSS score, with the exception of the scope metric which will remain unaltered at \"unchanged\"; as we believe code execution would be at the permission levels of the running JVM and not exceeding that of the original CVE-2021-44228 flaw.\n \nWe have given this vulnerability an impact rating of Moderate, this is because of the unlikely nature of log4j lookup mapping values being derived from attacker controlled values. This is not the default configuration for end-applications using log4j 2.x and would require explicit action from a privileged user (a developer or administrator) to access the vulnerability. \nIn certain non-default configurations, it was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was insufficient.\n\nThis issue affects the log4j version between 2.0 and 2.15. Log4j 1.x is NOT impacted by this vulnerability. \n\nPrerequisites to exploit this flaw are :\n\n- A remotely accessible endpoint with any protocol (HTTP, TCP, etc) that allows an attacker to send arbitrary data,\n- A log statement in the endpoint that logs the attacker controlled data.\n- Log4j configuration file should be explicitly configured to use a non-default Pattern Layout with a Context Lookup eg. ($${ctx:loginId}) \n\nIn most cases, the mitigation suggested for CVE-2021-44228 (i.e. to set the system property `log4j2.noFormatMsgLookup` to `true) does NOT mitigate this specific vulnerability. \nLog4j 2.16.0 fixes this issue by removing support for message lookup patterns and disabling JNDI functionality by default.\n\nFor Elasticsearch, as shipped in OpenShift 3.11, the \"log4j2.formatMsgNoLookups=true\" system property mitigation is sufficient as there are no included non-standard configurations that allow for exploitation:\n\nhttps://github.com/openshift/openshift-ansible/blob/release-3.11/roles/openshift_logging_elasticsearch/templates/log4j2.properties.j2\n\nhttps://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476\n\nFor CodeReady Studio the fix for this flaw is available on CodeReady Studio 12.21.3 and above versions.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat AMQ Streams 2.0.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-45046" }, { "category": "external", "summary": "RHBZ#2032580", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2032580" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-45046", "url": "https://www.cve.org/CVERecord?id=CVE-2021-45046" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-45046", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45046" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2021-44228", "url": "https://access.redhat.com/security/cve/CVE-2021-44228" }, { "category": "external", "summary": "https://logging.apache.org/log4j/2.x/security.html", "url": "https://logging.apache.org/log4j/2.x/security.html" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2021/12/14/4", "url": "https://www.openwall.com/lists/oss-security/2021/12/14/4" }, { "category": "external", "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog" } ], "release_date": "2021-12-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-01-13T15:25:07+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat AMQ Streams 2.0.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0138" }, { "category": "workaround", "details": "For Log4j versions up to and including 2.15.0, this issue can be mitigated by removing the JndiLookup class from the classpath (example: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class).", "product_ids": [ "Red Hat AMQ Streams 2.0.0" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat AMQ Streams 2.0.0" ] } ], "threats": [ { "category": "exploit_status", "date": "2023-05-01T00:00:00+00:00", "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog" }, { "category": "impact", "details": "Moderate" } ], "title": "log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)" } ] }
rhsa-2022_0203
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Critical" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A micro version update for Fuse 7.8, 7.9, and 7.10 is now available for Red Hat Fuse on Karaf and Red Hat Fuse on Spring Boot. The purpose of this text-only errata is to inform you about the security issues fixed in this release.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The releases of Red Hat Fuse 7.8.2, 7.9.1 and 7.10.1 serve as a patch to Red Hat Fuse on Karaf and Red Hat Fuse on Spring Boot and includes security fixes, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228)\n\n* log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)\n\n* log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228) (CVE-2021-45046)\n\n* log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern (CVE-2021-45105)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:0203", "url": "https://access.redhat.com/errata/RHSA-2022:0203" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#critical", "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=jboss.fuse\u0026version=7.08.0", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=jboss.fuse\u0026version=7.08.0" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=jboss.fuse\u0026version=7.09.0", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=jboss.fuse\u0026version=7.09.0" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=jboss.fuse\u0026version=7.10.0", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=jboss.fuse\u0026version=7.10.0" }, { "category": "external", "summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009", "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009" }, { "category": "external", "summary": "2030932", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030932" }, { "category": "external", "summary": "2032580", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2032580" }, { "category": "external", "summary": "2034067", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034067" }, { "category": "external", "summary": "2035951", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035951" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0203.json" } ], "title": "Red Hat Security Advisory: Red Hat Fuse 7.8-7.10 security update", "tracking": { "current_release_date": "2024-11-15T21:20:59+00:00", "generator": { "date": "2024-11-15T21:20:59+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2022:0203", "initial_release_date": "2022-01-20T09:26:34+00:00", "revision_history": [ { "date": "2022-01-20T09:26:34+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-01-20T09:26:34+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T21:20:59+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Fuse 7.8.2, 7.9.1, 7.10.1", "product": { "name": "Red Hat Fuse 7.8.2, 7.9.1, 7.10.1", "product_id": "Red Hat Fuse 7.8.2, 7.9.1, 7.10.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_fuse:7" } } } ], "category": "product_family", "name": "Red Hat JBoss Fuse" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-44228", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2030932" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.15.0. A remote attacker who can control log messages or log message parameters, can execute arbitrary code on the server via JNDI LDAP endpoint.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue only affects log4j versions between 2.0 and 2.14.1. In order to exploit this flaw you need:\n- A remotely accessible endpoint with any protocol (HTTP, TCP, etc) that allows an attacker to send arbitrary data,\n- A log statement in the endpoint that logs the attacker controlled data.\n\nIn Red Hat OpenShift Logging the vulnerable log4j library is shipped in the Elasticsearch components. Because Elasticsearch is not susceptible to remote code execution with this vulnerability due to use of the Java Security Manager and because access to these components is limited, the impact by this vulnerability is reduced to Moderate.\n\nAs per upstream applications using Log4j 1.x may be impacted by this flaw if their configuration uses JNDI. However, the risk is much lower. This flaw in Log4j 1.x is tracked via https://access.redhat.com/security/cve/CVE-2021-4104 and has been rated as having Moderate security impact.\n\nCodeReady Studio version 12.21.1 was released containing a fix for this vulnerability.\n\nThe following products are NOT affected by this flaw and have been explicitly listed here for the benefit of our customers.\n- Red Hat Enterprise Linux\n- Red Hat Advanced Cluster Management for Kubernetes \n- Red Hat Advanced Cluster Security for Kubernetes\n- Red Hat Ansible Automation Platform (Engine and Tower)\n- Red Hat Certificate System\n- Red Hat Directory Server\n- Red Hat Identity Management\n- Red Hat CloudForms \n- Red Hat Update Infrastructure\n- Red Hat Satellite\n- Red Hat Ceph Storage\n- Red Hat Gluster Storage\n- Red Hat OpenShift Data Foundation\n- Red Hat OpenStack Platform\n- Red Hat Virtualization\n- Red Hat Single Sign-On\n- Red Hat 3scale API Management", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.8.2, 7.9.1, 7.10.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44228" }, { "category": "external", "summary": "RHBZ#2030932", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030932" }, { "category": "external", "summary": "RHSB-2021-009", "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44228", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-jfh8-c2jp-5v3q", "url": "https://github.com/advisories/GHSA-jfh8-c2jp-5v3q" }, { "category": "external", "summary": "https://logging.apache.org/log4j/2.x/security.html", "url": "https://logging.apache.org/log4j/2.x/security.html" }, { "category": "external", "summary": "https://www.lunasec.io/docs/blog/log4j-zero-day/", "url": "https://www.lunasec.io/docs/blog/log4j-zero-day/" }, { "category": "external", "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog" } ], "release_date": "2021-12-10T02:01:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-01-20T09:26:34+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse product documentation pages:\n\nFuse 7.8:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/html/installing_on_apache_karaf/apply-hotfix-patch\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/html/deploying_into_spring_boot/patch-red-hat-fuse-applications\n\nFuse 7.9:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/html/installing_on_apache_karaf/apply-hotfix-patch\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/html/deploying_into_spring_boot/patch-red-hat-fuse-applications\n\nFuse 7.10:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/html/installing_on_apache_karaf/apply-hotfix-patch\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/html/deploying_into_spring_boot/patch-red-hat-fuse-applications", "product_ids": [ "Red Hat Fuse 7.8.2, 7.9.1, 7.10.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0203" }, { "category": "workaround", "details": "For Log4j versions \u003e=2.10\nset the system property log4j2.formatMsgNoLookups or the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS to true\n\nFor Log4j versions \u003e=2.7 and \u003c=2.14.1\nall PatternLayout patterns can be modified to specify the message converter as %m{nolookups} instead of just %m\n\nFor Log4j versions \u003e=2.0-beta9 and \u003c=2.10.0\nremove the JndiLookup class from the classpath. For example: \n```\nzip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class\n```\n\nOn OpenShift 4 and in OpenShift Logging, the above mitigation can be applied by following the steps in this article: https://access.redhat.com/solutions/6578421\n\nOn OpenShift 3.11, mitigation to the affected Elasticsearch component can be applied by following the steps in this article: https://access.redhat.com/solutions/6578441", "product_ids": [ "Red Hat Fuse 7.8.2, 7.9.1, 7.10.1" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.8.2, 7.9.1, 7.10.1" ] } ], "threats": [ { "category": "exploit_status", "date": "2021-12-10T00:00:00+00:00", "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog" }, { "category": "impact", "details": "Critical" } ], "title": "log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value" }, { "cve": "CVE-2021-44832", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-12-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2035951" } ], "notes": [ { "category": "description", "text": "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j-core: remote code execution via JDBC Appender", "title": "Vulnerability summary" }, { "category": "other", "text": "Log4j 1.x is not impacted by this vulnerability. Therefore versions of log4j shipped with Red Hat Enterprise Linux are NOT affected by this flaw.\n\nFor Elasticsearch, as shipped in OpenShift Container Platform and OpenShift Logging, access to the log4j2.properties configuration is limited only to the cluster administrators and exploitation requires cluster logging changes, what reduced the impact of this vulnerability significantly [0].\n\n[0] https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476#update-jan-6-5", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.8.2, 7.9.1, 7.10.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44832" }, { "category": "external", "summary": "RHBZ#2035951", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035951" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44832", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44832" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44832", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44832" }, { "category": "external", "summary": "https://issues.apache.org/jira/browse/LOG4J2-3293", "url": "https://issues.apache.org/jira/browse/LOG4J2-3293" } ], "release_date": "2021-12-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-01-20T09:26:34+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse product documentation pages:\n\nFuse 7.8:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/html/installing_on_apache_karaf/apply-hotfix-patch\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/html/deploying_into_spring_boot/patch-red-hat-fuse-applications\n\nFuse 7.9:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/html/installing_on_apache_karaf/apply-hotfix-patch\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/html/deploying_into_spring_boot/patch-red-hat-fuse-applications\n\nFuse 7.10:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/html/installing_on_apache_karaf/apply-hotfix-patch\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/html/deploying_into_spring_boot/patch-red-hat-fuse-applications", "product_ids": [ "Red Hat Fuse 7.8.2, 7.9.1, 7.10.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0203" }, { "category": "workaround", "details": "As per upstream:\n- In prior releases confirm that if the JDBC Appender is being used it is not configured to use any protocol other than Java.\n- Note that only the log4j-core JAR file is impacted by this vulnerability. Applications using only the log4j-api JAR file without the log4j-core JAR file are not impacted by this vulnerability.", "product_ids": [ "Red Hat Fuse 7.8.2, 7.9.1, 7.10.1" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.8.2, 7.9.1, 7.10.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "log4j-core: remote code execution via JDBC Appender" }, { "cve": "CVE-2021-45046", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-12-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2032580" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.16.0. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input using a JNDI Lookup pattern resulting in remote code execution (RCE) in a limited number of environments.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)", "title": "Vulnerability summary" }, { "category": "other", "text": "Although we have matched Apache\u0027s CVSS score, with the exception of the scope metric which will remain unaltered at \"unchanged\"; as we believe code execution would be at the permission levels of the running JVM and not exceeding that of the original CVE-2021-44228 flaw.\n \nWe have given this vulnerability an impact rating of Moderate, this is because of the unlikely nature of log4j lookup mapping values being derived from attacker controlled values. This is not the default configuration for end-applications using log4j 2.x and would require explicit action from a privileged user (a developer or administrator) to access the vulnerability. \nIn certain non-default configurations, it was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was insufficient.\n\nThis issue affects the log4j version between 2.0 and 2.15. Log4j 1.x is NOT impacted by this vulnerability. \n\nPrerequisites to exploit this flaw are :\n\n- A remotely accessible endpoint with any protocol (HTTP, TCP, etc) that allows an attacker to send arbitrary data,\n- A log statement in the endpoint that logs the attacker controlled data.\n- Log4j configuration file should be explicitly configured to use a non-default Pattern Layout with a Context Lookup eg. ($${ctx:loginId}) \n\nIn most cases, the mitigation suggested for CVE-2021-44228 (i.e. to set the system property `log4j2.noFormatMsgLookup` to `true) does NOT mitigate this specific vulnerability. \nLog4j 2.16.0 fixes this issue by removing support for message lookup patterns and disabling JNDI functionality by default.\n\nFor Elasticsearch, as shipped in OpenShift 3.11, the \"log4j2.formatMsgNoLookups=true\" system property mitigation is sufficient as there are no included non-standard configurations that allow for exploitation:\n\nhttps://github.com/openshift/openshift-ansible/blob/release-3.11/roles/openshift_logging_elasticsearch/templates/log4j2.properties.j2\n\nhttps://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476\n\nFor CodeReady Studio the fix for this flaw is available on CodeReady Studio 12.21.3 and above versions.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.8.2, 7.9.1, 7.10.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-45046" }, { "category": "external", "summary": "RHBZ#2032580", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2032580" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-45046", "url": "https://www.cve.org/CVERecord?id=CVE-2021-45046" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-45046", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45046" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2021-44228", "url": "https://access.redhat.com/security/cve/CVE-2021-44228" }, { "category": "external", "summary": "https://logging.apache.org/log4j/2.x/security.html", "url": "https://logging.apache.org/log4j/2.x/security.html" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2021/12/14/4", "url": "https://www.openwall.com/lists/oss-security/2021/12/14/4" }, { "category": "external", "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog" } ], "release_date": "2021-12-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-01-20T09:26:34+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse product documentation pages:\n\nFuse 7.8:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/html/installing_on_apache_karaf/apply-hotfix-patch\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/html/deploying_into_spring_boot/patch-red-hat-fuse-applications\n\nFuse 7.9:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/html/installing_on_apache_karaf/apply-hotfix-patch\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/html/deploying_into_spring_boot/patch-red-hat-fuse-applications\n\nFuse 7.10:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/html/installing_on_apache_karaf/apply-hotfix-patch\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/html/deploying_into_spring_boot/patch-red-hat-fuse-applications", "product_ids": [ "Red Hat Fuse 7.8.2, 7.9.1, 7.10.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0203" }, { "category": "workaround", "details": "For Log4j versions up to and including 2.15.0, this issue can be mitigated by removing the JndiLookup class from the classpath (example: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class).", "product_ids": [ "Red Hat Fuse 7.8.2, 7.9.1, 7.10.1" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.8.2, 7.9.1, 7.10.1" ] } ], "threats": [ { "category": "exploit_status", "date": "2023-05-01T00:00:00+00:00", "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog" }, { "category": "impact", "details": "Moderate" } ], "title": "log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)" }, { "cve": "CVE-2021-45105", "cwe": { "id": "CWE-674", "name": "Uncontrolled Recursion" }, "discovery_date": "2021-12-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2034067" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Apache Log4j logging library 2.x. when the logging configuration uses a non-default Pattern Layout with a Context Lookup. Attackers with control over Thread Context Map (MDC) input data can craft malicious input data that contains a recursive lookup and can cause Denial of Service.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security has performed an analysis of this flaw and has classified the Attack Complexity(AC) as High because there are multiple factors involved which are beyond attacker\u0027s control:\n\n- The application has to use the logging configuration using a Context Map Lookup (for example, $${ctx:loginId}) which is a non-default Pattern Layout.\n- The application developer has to use the map org.apache.logging.log4j.ThreadContext in the application code and save at-least one key (for example, ThreadContext.put(\"loginId\", \"myId\");) in the ThreadContext map object.\n- Attackers must also know this saved key name in order to exploit this flaw.\n\nNote that saving keys in this map is a non-essential usage of log4j and just an optional feature provided. Refer to https://logging.apache.org/log4j/2.x/manual/lookups.html#ContextMapLookup to know more about the Context Map Lookup feature of Log4j.\n\nLog4j 1.x is not impacted by this vulnerability. Note that only the log4j-core JAR file is impacted by this vulnerability. Applications using ONLY the log4j-api JAR file without the log4j-core JAR file are NOT impacted by this vulnerability.\n\n\nDespite including a vulnerable version of Log4j 2.x, this vulnerability is not exploitable in Elasticsearch[0], as shipped in OpenShift Container Platform and OpenShift Logging. OpenShift 3.11 specifically does not contain any context lookups:\n\nhttps://github.com/openshift/openshift-ansible/blob/release-3.11/roles/openshift_logging_elasticsearch/templates/log4j2.properties.j2\n\nThis vulnerability is therefore rated Low for Elasticsearch in OpenShift Container Platform and OpenShift Logging.\n\n[0] https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476#update-december-18-4", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.8.2, 7.9.1, 7.10.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-45105" }, { "category": "external", "summary": "RHBZ#2034067", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034067" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-45105", "url": "https://www.cve.org/CVERecord?id=CVE-2021-45105" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-45105", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45105" }, { "category": "external", "summary": "https://issues.apache.org/jira/browse/LOG4J2-3230", "url": "https://issues.apache.org/jira/browse/LOG4J2-3230" }, { "category": "external", "summary": "https://logging.apache.org/log4j/2.x/security.html", "url": "https://logging.apache.org/log4j/2.x/security.html" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2021/12/19/1", "url": "https://www.openwall.com/lists/oss-security/2021/12/19/1" } ], "release_date": "2021-12-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-01-20T09:26:34+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse product documentation pages:\n\nFuse 7.8:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/html/installing_on_apache_karaf/apply-hotfix-patch\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/html/deploying_into_spring_boot/patch-red-hat-fuse-applications\n\nFuse 7.9:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/html/installing_on_apache_karaf/apply-hotfix-patch\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/html/deploying_into_spring_boot/patch-red-hat-fuse-applications\n\nFuse 7.10:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/html/installing_on_apache_karaf/apply-hotfix-patch\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/html/deploying_into_spring_boot/patch-red-hat-fuse-applications", "product_ids": [ "Red Hat Fuse 7.8.2, 7.9.1, 7.10.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0203" }, { "category": "workaround", "details": "For Log4j 2 versions up to and including 2.16.0, this flaw can be mitigated by:\n- In PatternLayout in the Log4j logging configuration, replace Context Lookups like ${ctx:loginId} or $${ctx:loginId} with Thread Context Map patterns (%X, %mdc, or %MDC) like %X{loginId}.\n- Otherwise, in the Log4j logging configuration, remove references to Context Lookups like ${ctx:loginId} or $${ctx:loginId} where they originate from sources external to the application such as HTTP headers or user input.", "product_ids": [ "Red Hat Fuse 7.8.2, 7.9.1, 7.10.1" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.8.2, 7.9.1, 7.10.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern" } ] }
rhsa-2022_0225
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for OpenShift Logging (5.0.12)\n\nRed Hat Product Security has rated this update as having a security impact of\nModerate. A Common Vulnerability Scoring System (CVSS) base score, which gives\na detailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Openshift Logging Bug Fix Release (5.0.12)\n\nSecurity Fix(es):\n\n* log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:0225", "url": "https://access.redhat.com/errata/RHSA-2022:0225" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "2035951", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035951" }, { "category": "external", "summary": "LOG-2089", "url": "https://issues.redhat.com/browse/LOG-2089" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0225.json" } ], "title": "Red Hat Security Advisory: Red Hat OpenShift Enterprise Logging bug fix and security update (5.0.12)", "tracking": { "current_release_date": "2024-11-15T10:44:41+00:00", "generator": { "date": "2024-11-15T10:44:41+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2022:0225", "initial_release_date": "2022-01-20T21:09:05+00:00", "revision_history": [ { "date": "2022-01-20T21:09:05+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-01-20T21:09:06+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T10:44:41+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "OpenShift Logging 5.0", "product": { "name": "OpenShift Logging 5.0", "product_id": "8Base-OSE-LOGGING-5.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:logging:5.0::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift Enterprise" }, { "branches": [ { "category": "product_version", "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:989d85eee44074af63c6aea0f80a11c86338a32eed0db930feec87c7d08d5135_s390x", "product": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:989d85eee44074af63c6aea0f80a11c86338a32eed0db930feec87c7d08d5135_s390x", "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:989d85eee44074af63c6aea0f80a11c86338a32eed0db930feec87c7d08d5135_s390x", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:989d85eee44074af63c6aea0f80a11c86338a32eed0db930feec87c7d08d5135?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.0.12-1" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:d9b8605f7d19097c5f0a91d678cc2f102af892878871880023fc41721b276ef7_s390x", "product": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:d9b8605f7d19097c5f0a91d678cc2f102af892878871880023fc41721b276ef7_s390x", "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:d9b8605f7d19097c5f0a91d678cc2f102af892878871880023fc41721b276ef7_s390x", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:d9b8605f7d19097c5f0a91d678cc2f102af892878871880023fc41721b276ef7?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.0.12-1" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:dba9c39a48e4f4a93db4daa1d596a08fc60c8c55c6b7889a7b69be241c7cd119_s390x", "product": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:dba9c39a48e4f4a93db4daa1d596a08fc60c8c55c6b7889a7b69be241c7cd119_s390x", "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:dba9c39a48e4f4a93db4daa1d596a08fc60c8c55c6b7889a7b69be241c7cd119_s390x", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:dba9c39a48e4f4a93db4daa1d596a08fc60c8c55c6b7889a7b69be241c7cd119?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v5.0.12-1" } } }, { "category": "product_version", "name": "openshift-logging/logging-curator5-rhel8@sha256:f561d39b3e7249000f22471454d04323d529217842e293d0bc10af30acaa7ad8_s390x", "product": { "name": "openshift-logging/logging-curator5-rhel8@sha256:f561d39b3e7249000f22471454d04323d529217842e293d0bc10af30acaa7ad8_s390x", "product_id": "openshift-logging/logging-curator5-rhel8@sha256:f561d39b3e7249000f22471454d04323d529217842e293d0bc10af30acaa7ad8_s390x", "product_identification_helper": { "purl": "pkg:oci/logging-curator5-rhel8@sha256:f561d39b3e7249000f22471454d04323d529217842e293d0bc10af30acaa7ad8?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.0.12-1" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch6-rhel8@sha256:5b6bd22611e78f26389183e0e3cc6f860eda122720909a3644f6edc7eae4e8da_s390x", "product": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:5b6bd22611e78f26389183e0e3cc6f860eda122720909a3644f6edc7eae4e8da_s390x", "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:5b6bd22611e78f26389183e0e3cc6f860eda122720909a3644f6edc7eae4e8da_s390x", "product_identification_helper": { "purl": "pkg:oci/elasticsearch6-rhel8@sha256:5b6bd22611e78f26389183e0e3cc6f860eda122720909a3644f6edc7eae4e8da?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v5.0.12-1" } } }, { "category": "product_version", "name": "openshift-logging/eventrouter-rhel8@sha256:b64462859b9229e261a14035b65ab702bd301fcba043254796c9bf28205e6d79_s390x", "product": { "name": "openshift-logging/eventrouter-rhel8@sha256:b64462859b9229e261a14035b65ab702bd301fcba043254796c9bf28205e6d79_s390x", "product_id": "openshift-logging/eventrouter-rhel8@sha256:b64462859b9229e261a14035b65ab702bd301fcba043254796c9bf28205e6d79_s390x", "product_identification_helper": { "purl": "pkg:oci/eventrouter-rhel8@sha256:b64462859b9229e261a14035b65ab702bd301fcba043254796c9bf28205e6d79?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v5.0.12-1" } } }, { "category": "product_version", "name": "openshift-logging/fluentd-rhel8@sha256:a1fce6215b404d0107dc435c7f3458d7c3acc4f927ad177af43b18c9cadc1bb1_s390x", "product": { "name": "openshift-logging/fluentd-rhel8@sha256:a1fce6215b404d0107dc435c7f3458d7c3acc4f927ad177af43b18c9cadc1bb1_s390x", "product_id": "openshift-logging/fluentd-rhel8@sha256:a1fce6215b404d0107dc435c7f3458d7c3acc4f927ad177af43b18c9cadc1bb1_s390x", "product_identification_helper": { "purl": "pkg:oci/fluentd-rhel8@sha256:a1fce6215b404d0107dc435c7f3458d7c3acc4f927ad177af43b18c9cadc1bb1?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v5.0.12-1" } } }, { "category": "product_version", "name": "openshift-logging/kibana6-rhel8@sha256:23a36e4ba3a8c26585c28a0fc1a947a2f35092fdc92631c9e242928556143374_s390x", "product": { "name": "openshift-logging/kibana6-rhel8@sha256:23a36e4ba3a8c26585c28a0fc1a947a2f35092fdc92631c9e242928556143374_s390x", "product_id": "openshift-logging/kibana6-rhel8@sha256:23a36e4ba3a8c26585c28a0fc1a947a2f35092fdc92631c9e242928556143374_s390x", "product_identification_helper": { "purl": "pkg:oci/kibana6-rhel8@sha256:23a36e4ba3a8c26585c28a0fc1a947a2f35092fdc92631c9e242928556143374?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v5.0.12-1" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:6444d97d9ed0d5e07c8df5a9ae55cb431250c5432cec6e90ecaae0fbe00be6d5_ppc64le", "product": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:6444d97d9ed0d5e07c8df5a9ae55cb431250c5432cec6e90ecaae0fbe00be6d5_ppc64le", "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:6444d97d9ed0d5e07c8df5a9ae55cb431250c5432cec6e90ecaae0fbe00be6d5_ppc64le", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:6444d97d9ed0d5e07c8df5a9ae55cb431250c5432cec6e90ecaae0fbe00be6d5?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.0.12-1" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:87a757926b3934d21632b830511ca077d9fdb12417fa8886fad85c10143a6842_ppc64le", "product": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:87a757926b3934d21632b830511ca077d9fdb12417fa8886fad85c10143a6842_ppc64le", "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:87a757926b3934d21632b830511ca077d9fdb12417fa8886fad85c10143a6842_ppc64le", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:87a757926b3934d21632b830511ca077d9fdb12417fa8886fad85c10143a6842?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.0.12-1" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:411a7dc6932d910e53aeb09320d25325ff4228930ae198cfe67d21404fa0e3ed_ppc64le", "product": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:411a7dc6932d910e53aeb09320d25325ff4228930ae198cfe67d21404fa0e3ed_ppc64le", "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:411a7dc6932d910e53aeb09320d25325ff4228930ae198cfe67d21404fa0e3ed_ppc64le", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:411a7dc6932d910e53aeb09320d25325ff4228930ae198cfe67d21404fa0e3ed?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v5.0.12-1" } } }, { "category": "product_version", "name": "openshift-logging/logging-curator5-rhel8@sha256:76bb02283a7740fbc2f25fd95e0f0b30118a585296a62bcc745872ecdd93ba1e_ppc64le", "product": { "name": "openshift-logging/logging-curator5-rhel8@sha256:76bb02283a7740fbc2f25fd95e0f0b30118a585296a62bcc745872ecdd93ba1e_ppc64le", "product_id": "openshift-logging/logging-curator5-rhel8@sha256:76bb02283a7740fbc2f25fd95e0f0b30118a585296a62bcc745872ecdd93ba1e_ppc64le", "product_identification_helper": { "purl": "pkg:oci/logging-curator5-rhel8@sha256:76bb02283a7740fbc2f25fd95e0f0b30118a585296a62bcc745872ecdd93ba1e?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.0.12-1" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch6-rhel8@sha256:c014b38a59a73f425c8ebd764148bad4956f24eda4670c42fd67826546df01be_ppc64le", "product": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:c014b38a59a73f425c8ebd764148bad4956f24eda4670c42fd67826546df01be_ppc64le", "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:c014b38a59a73f425c8ebd764148bad4956f24eda4670c42fd67826546df01be_ppc64le", "product_identification_helper": { "purl": "pkg:oci/elasticsearch6-rhel8@sha256:c014b38a59a73f425c8ebd764148bad4956f24eda4670c42fd67826546df01be?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v5.0.12-1" } } }, { "category": "product_version", "name": "openshift-logging/eventrouter-rhel8@sha256:4afc627224c584844325fac536c2e8f0b510fa4ff84b9b05bdafe2d8505f4eac_ppc64le", "product": { "name": "openshift-logging/eventrouter-rhel8@sha256:4afc627224c584844325fac536c2e8f0b510fa4ff84b9b05bdafe2d8505f4eac_ppc64le", "product_id": "openshift-logging/eventrouter-rhel8@sha256:4afc627224c584844325fac536c2e8f0b510fa4ff84b9b05bdafe2d8505f4eac_ppc64le", "product_identification_helper": { "purl": "pkg:oci/eventrouter-rhel8@sha256:4afc627224c584844325fac536c2e8f0b510fa4ff84b9b05bdafe2d8505f4eac?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v5.0.12-1" } } }, { "category": "product_version", "name": "openshift-logging/fluentd-rhel8@sha256:70d1eeac2c53a0c77fdcf1ae305c12786227aa6e7f4f1f3ab4365a119111f1ea_ppc64le", "product": { "name": "openshift-logging/fluentd-rhel8@sha256:70d1eeac2c53a0c77fdcf1ae305c12786227aa6e7f4f1f3ab4365a119111f1ea_ppc64le", "product_id": "openshift-logging/fluentd-rhel8@sha256:70d1eeac2c53a0c77fdcf1ae305c12786227aa6e7f4f1f3ab4365a119111f1ea_ppc64le", "product_identification_helper": { "purl": "pkg:oci/fluentd-rhel8@sha256:70d1eeac2c53a0c77fdcf1ae305c12786227aa6e7f4f1f3ab4365a119111f1ea?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v5.0.12-1" } } }, { "category": "product_version", "name": "openshift-logging/kibana6-rhel8@sha256:7cc111b0928dd598abfe6f4db5c021e056e7fa1270a3953168924f5194f00db5_ppc64le", "product": { "name": "openshift-logging/kibana6-rhel8@sha256:7cc111b0928dd598abfe6f4db5c021e056e7fa1270a3953168924f5194f00db5_ppc64le", "product_id": "openshift-logging/kibana6-rhel8@sha256:7cc111b0928dd598abfe6f4db5c021e056e7fa1270a3953168924f5194f00db5_ppc64le", "product_identification_helper": { "purl": "pkg:oci/kibana6-rhel8@sha256:7cc111b0928dd598abfe6f4db5c021e056e7fa1270a3953168924f5194f00db5?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v5.0.12-1" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:e5f8312c65a081ae6433e9d8ed6e81682f5883781f4c757585559800b19fcb94_amd64", "product": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:e5f8312c65a081ae6433e9d8ed6e81682f5883781f4c757585559800b19fcb94_amd64", "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:e5f8312c65a081ae6433e9d8ed6e81682f5883781f4c757585559800b19fcb94_amd64", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:e5f8312c65a081ae6433e9d8ed6e81682f5883781f4c757585559800b19fcb94?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.0.12-1" } } }, { "category": "product_version", "name": "openshift-logging/cluster-logging-operator-bundle@sha256:88c8992a0850de9983c13c3a8e5b5cb2ed1779e31e86c0c7195ab0d38fc2727d_amd64", "product": { "name": "openshift-logging/cluster-logging-operator-bundle@sha256:88c8992a0850de9983c13c3a8e5b5cb2ed1779e31e86c0c7195ab0d38fc2727d_amd64", "product_id": "openshift-logging/cluster-logging-operator-bundle@sha256:88c8992a0850de9983c13c3a8e5b5cb2ed1779e31e86c0c7195ab0d38fc2727d_amd64", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-operator-bundle@sha256:88c8992a0850de9983c13c3a8e5b5cb2ed1779e31e86c0c7195ab0d38fc2727d?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-operator-bundle\u0026tag=v5.0.12-1" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:31ee1ebcb1276a491a5fee1b86aacbd1ebc0c07bdd4c9b536ce95c948995b6d0_amd64", "product": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:31ee1ebcb1276a491a5fee1b86aacbd1ebc0c07bdd4c9b536ce95c948995b6d0_amd64", "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:31ee1ebcb1276a491a5fee1b86aacbd1ebc0c07bdd4c9b536ce95c948995b6d0_amd64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:31ee1ebcb1276a491a5fee1b86aacbd1ebc0c07bdd4c9b536ce95c948995b6d0?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.0.12-1" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-operator-bundle@sha256:6fda7c65e256b5ca27a3e0b99d5289fd3eb67cc738787f659ee449e79e01e56c_amd64", "product": { "name": "openshift-logging/elasticsearch-operator-bundle@sha256:6fda7c65e256b5ca27a3e0b99d5289fd3eb67cc738787f659ee449e79e01e56c_amd64", "product_id": "openshift-logging/elasticsearch-operator-bundle@sha256:6fda7c65e256b5ca27a3e0b99d5289fd3eb67cc738787f659ee449e79e01e56c_amd64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-operator-bundle@sha256:6fda7c65e256b5ca27a3e0b99d5289fd3eb67cc738787f659ee449e79e01e56c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-operator-bundle\u0026tag=v5.0.12-1" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a3a23a88514f9f9117f2dceb99c7686b2056ebf3b7dd3c82efa34f5855e549e8_amd64", "product": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a3a23a88514f9f9117f2dceb99c7686b2056ebf3b7dd3c82efa34f5855e549e8_amd64", "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a3a23a88514f9f9117f2dceb99c7686b2056ebf3b7dd3c82efa34f5855e549e8_amd64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:a3a23a88514f9f9117f2dceb99c7686b2056ebf3b7dd3c82efa34f5855e549e8?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v5.0.12-1" } } }, { "category": "product_version", "name": "openshift-logging/logging-curator5-rhel8@sha256:3f1a81fdc28c7254be59a8a3630f4c36c05f655bab886627393823ffa9ad2cf6_amd64", "product": { "name": "openshift-logging/logging-curator5-rhel8@sha256:3f1a81fdc28c7254be59a8a3630f4c36c05f655bab886627393823ffa9ad2cf6_amd64", "product_id": "openshift-logging/logging-curator5-rhel8@sha256:3f1a81fdc28c7254be59a8a3630f4c36c05f655bab886627393823ffa9ad2cf6_amd64", "product_identification_helper": { "purl": "pkg:oci/logging-curator5-rhel8@sha256:3f1a81fdc28c7254be59a8a3630f4c36c05f655bab886627393823ffa9ad2cf6?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.0.12-1" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch6-rhel8@sha256:15aef84c7916059dbddcdb5abadf9bd17ce282d4ab1e85c7b9473a025fc1d7ae_amd64", "product": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:15aef84c7916059dbddcdb5abadf9bd17ce282d4ab1e85c7b9473a025fc1d7ae_amd64", "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:15aef84c7916059dbddcdb5abadf9bd17ce282d4ab1e85c7b9473a025fc1d7ae_amd64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch6-rhel8@sha256:15aef84c7916059dbddcdb5abadf9bd17ce282d4ab1e85c7b9473a025fc1d7ae?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v5.0.12-1" } } }, { "category": "product_version", "name": "openshift-logging/eventrouter-rhel8@sha256:f659b70ed9b1ecb132337b75e6b3891f3e0452be4bf39e3cff517a51d6520f7a_amd64", "product": { "name": "openshift-logging/eventrouter-rhel8@sha256:f659b70ed9b1ecb132337b75e6b3891f3e0452be4bf39e3cff517a51d6520f7a_amd64", "product_id": "openshift-logging/eventrouter-rhel8@sha256:f659b70ed9b1ecb132337b75e6b3891f3e0452be4bf39e3cff517a51d6520f7a_amd64", "product_identification_helper": { "purl": "pkg:oci/eventrouter-rhel8@sha256:f659b70ed9b1ecb132337b75e6b3891f3e0452be4bf39e3cff517a51d6520f7a?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v5.0.12-1" } } }, { "category": "product_version", "name": "openshift-logging/fluentd-rhel8@sha256:b7139adf92aec389c86c3d2911773520abe984a6902cf92f1d7a124480f60823_amd64", "product": { "name": "openshift-logging/fluentd-rhel8@sha256:b7139adf92aec389c86c3d2911773520abe984a6902cf92f1d7a124480f60823_amd64", "product_id": "openshift-logging/fluentd-rhel8@sha256:b7139adf92aec389c86c3d2911773520abe984a6902cf92f1d7a124480f60823_amd64", "product_identification_helper": { "purl": "pkg:oci/fluentd-rhel8@sha256:b7139adf92aec389c86c3d2911773520abe984a6902cf92f1d7a124480f60823?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v5.0.12-1" } } }, { "category": "product_version", "name": "openshift-logging/kibana6-rhel8@sha256:749d9a8434d2c5a4251d59701a3a57ece72b2fe8f3a450c6e3161905cbbd4ce3_amd64", "product": { "name": "openshift-logging/kibana6-rhel8@sha256:749d9a8434d2c5a4251d59701a3a57ece72b2fe8f3a450c6e3161905cbbd4ce3_amd64", "product_id": "openshift-logging/kibana6-rhel8@sha256:749d9a8434d2c5a4251d59701a3a57ece72b2fe8f3a450c6e3161905cbbd4ce3_amd64", "product_identification_helper": { "purl": "pkg:oci/kibana6-rhel8@sha256:749d9a8434d2c5a4251d59701a3a57ece72b2fe8f3a450c6e3161905cbbd4ce3?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v5.0.12-1" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-operator-bundle@sha256:88c8992a0850de9983c13c3a8e5b5cb2ed1779e31e86c0c7195ab0d38fc2727d_amd64 as a component of OpenShift Logging 5.0", "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:88c8992a0850de9983c13c3a8e5b5cb2ed1779e31e86c0c7195ab0d38fc2727d_amd64" }, "product_reference": "openshift-logging/cluster-logging-operator-bundle@sha256:88c8992a0850de9983c13c3a8e5b5cb2ed1779e31e86c0c7195ab0d38fc2727d_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:6444d97d9ed0d5e07c8df5a9ae55cb431250c5432cec6e90ecaae0fbe00be6d5_ppc64le as a component of OpenShift Logging 5.0", "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:6444d97d9ed0d5e07c8df5a9ae55cb431250c5432cec6e90ecaae0fbe00be6d5_ppc64le" }, "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:6444d97d9ed0d5e07c8df5a9ae55cb431250c5432cec6e90ecaae0fbe00be6d5_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:989d85eee44074af63c6aea0f80a11c86338a32eed0db930feec87c7d08d5135_s390x as a component of OpenShift Logging 5.0", "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:989d85eee44074af63c6aea0f80a11c86338a32eed0db930feec87c7d08d5135_s390x" }, "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:989d85eee44074af63c6aea0f80a11c86338a32eed0db930feec87c7d08d5135_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:e5f8312c65a081ae6433e9d8ed6e81682f5883781f4c757585559800b19fcb94_amd64 as a component of OpenShift Logging 5.0", "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:e5f8312c65a081ae6433e9d8ed6e81682f5883781f4c757585559800b19fcb94_amd64" }, "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:e5f8312c65a081ae6433e9d8ed6e81682f5883781f4c757585559800b19fcb94_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-operator-bundle@sha256:6fda7c65e256b5ca27a3e0b99d5289fd3eb67cc738787f659ee449e79e01e56c_amd64 as a component of OpenShift Logging 5.0", "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:6fda7c65e256b5ca27a3e0b99d5289fd3eb67cc738787f659ee449e79e01e56c_amd64" }, "product_reference": "openshift-logging/elasticsearch-operator-bundle@sha256:6fda7c65e256b5ca27a3e0b99d5289fd3eb67cc738787f659ee449e79e01e56c_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:411a7dc6932d910e53aeb09320d25325ff4228930ae198cfe67d21404fa0e3ed_ppc64le as a component of OpenShift Logging 5.0", "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:411a7dc6932d910e53aeb09320d25325ff4228930ae198cfe67d21404fa0e3ed_ppc64le" }, "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:411a7dc6932d910e53aeb09320d25325ff4228930ae198cfe67d21404fa0e3ed_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a3a23a88514f9f9117f2dceb99c7686b2056ebf3b7dd3c82efa34f5855e549e8_amd64 as a component of OpenShift Logging 5.0", "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a3a23a88514f9f9117f2dceb99c7686b2056ebf3b7dd3c82efa34f5855e549e8_amd64" }, "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a3a23a88514f9f9117f2dceb99c7686b2056ebf3b7dd3c82efa34f5855e549e8_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:dba9c39a48e4f4a93db4daa1d596a08fc60c8c55c6b7889a7b69be241c7cd119_s390x as a component of OpenShift Logging 5.0", "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:dba9c39a48e4f4a93db4daa1d596a08fc60c8c55c6b7889a7b69be241c7cd119_s390x" }, "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:dba9c39a48e4f4a93db4daa1d596a08fc60c8c55c6b7889a7b69be241c7cd119_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:31ee1ebcb1276a491a5fee1b86aacbd1ebc0c07bdd4c9b536ce95c948995b6d0_amd64 as a component of OpenShift Logging 5.0", "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:31ee1ebcb1276a491a5fee1b86aacbd1ebc0c07bdd4c9b536ce95c948995b6d0_amd64" }, "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:31ee1ebcb1276a491a5fee1b86aacbd1ebc0c07bdd4c9b536ce95c948995b6d0_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:87a757926b3934d21632b830511ca077d9fdb12417fa8886fad85c10143a6842_ppc64le as a component of OpenShift Logging 5.0", "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:87a757926b3934d21632b830511ca077d9fdb12417fa8886fad85c10143a6842_ppc64le" }, "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:87a757926b3934d21632b830511ca077d9fdb12417fa8886fad85c10143a6842_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:d9b8605f7d19097c5f0a91d678cc2f102af892878871880023fc41721b276ef7_s390x as a component of OpenShift Logging 5.0", "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:d9b8605f7d19097c5f0a91d678cc2f102af892878871880023fc41721b276ef7_s390x" }, "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:d9b8605f7d19097c5f0a91d678cc2f102af892878871880023fc41721b276ef7_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:15aef84c7916059dbddcdb5abadf9bd17ce282d4ab1e85c7b9473a025fc1d7ae_amd64 as a component of OpenShift Logging 5.0", "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:15aef84c7916059dbddcdb5abadf9bd17ce282d4ab1e85c7b9473a025fc1d7ae_amd64" }, "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:15aef84c7916059dbddcdb5abadf9bd17ce282d4ab1e85c7b9473a025fc1d7ae_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:5b6bd22611e78f26389183e0e3cc6f860eda122720909a3644f6edc7eae4e8da_s390x as a component of OpenShift Logging 5.0", "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:5b6bd22611e78f26389183e0e3cc6f860eda122720909a3644f6edc7eae4e8da_s390x" }, "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:5b6bd22611e78f26389183e0e3cc6f860eda122720909a3644f6edc7eae4e8da_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:c014b38a59a73f425c8ebd764148bad4956f24eda4670c42fd67826546df01be_ppc64le as a component of OpenShift Logging 5.0", "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:c014b38a59a73f425c8ebd764148bad4956f24eda4670c42fd67826546df01be_ppc64le" }, "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:c014b38a59a73f425c8ebd764148bad4956f24eda4670c42fd67826546df01be_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/eventrouter-rhel8@sha256:4afc627224c584844325fac536c2e8f0b510fa4ff84b9b05bdafe2d8505f4eac_ppc64le as a component of OpenShift Logging 5.0", "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4afc627224c584844325fac536c2e8f0b510fa4ff84b9b05bdafe2d8505f4eac_ppc64le" }, "product_reference": "openshift-logging/eventrouter-rhel8@sha256:4afc627224c584844325fac536c2e8f0b510fa4ff84b9b05bdafe2d8505f4eac_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/eventrouter-rhel8@sha256:b64462859b9229e261a14035b65ab702bd301fcba043254796c9bf28205e6d79_s390x as a component of OpenShift Logging 5.0", "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:b64462859b9229e261a14035b65ab702bd301fcba043254796c9bf28205e6d79_s390x" }, "product_reference": "openshift-logging/eventrouter-rhel8@sha256:b64462859b9229e261a14035b65ab702bd301fcba043254796c9bf28205e6d79_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/eventrouter-rhel8@sha256:f659b70ed9b1ecb132337b75e6b3891f3e0452be4bf39e3cff517a51d6520f7a_amd64 as a component of OpenShift Logging 5.0", "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:f659b70ed9b1ecb132337b75e6b3891f3e0452be4bf39e3cff517a51d6520f7a_amd64" }, "product_reference": "openshift-logging/eventrouter-rhel8@sha256:f659b70ed9b1ecb132337b75e6b3891f3e0452be4bf39e3cff517a51d6520f7a_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/fluentd-rhel8@sha256:70d1eeac2c53a0c77fdcf1ae305c12786227aa6e7f4f1f3ab4365a119111f1ea_ppc64le as a component of OpenShift Logging 5.0", "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:70d1eeac2c53a0c77fdcf1ae305c12786227aa6e7f4f1f3ab4365a119111f1ea_ppc64le" }, "product_reference": "openshift-logging/fluentd-rhel8@sha256:70d1eeac2c53a0c77fdcf1ae305c12786227aa6e7f4f1f3ab4365a119111f1ea_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/fluentd-rhel8@sha256:a1fce6215b404d0107dc435c7f3458d7c3acc4f927ad177af43b18c9cadc1bb1_s390x as a component of OpenShift Logging 5.0", "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:a1fce6215b404d0107dc435c7f3458d7c3acc4f927ad177af43b18c9cadc1bb1_s390x" }, "product_reference": "openshift-logging/fluentd-rhel8@sha256:a1fce6215b404d0107dc435c7f3458d7c3acc4f927ad177af43b18c9cadc1bb1_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/fluentd-rhel8@sha256:b7139adf92aec389c86c3d2911773520abe984a6902cf92f1d7a124480f60823_amd64 as a component of OpenShift Logging 5.0", "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:b7139adf92aec389c86c3d2911773520abe984a6902cf92f1d7a124480f60823_amd64" }, "product_reference": "openshift-logging/fluentd-rhel8@sha256:b7139adf92aec389c86c3d2911773520abe984a6902cf92f1d7a124480f60823_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/kibana6-rhel8@sha256:23a36e4ba3a8c26585c28a0fc1a947a2f35092fdc92631c9e242928556143374_s390x as a component of OpenShift Logging 5.0", "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:23a36e4ba3a8c26585c28a0fc1a947a2f35092fdc92631c9e242928556143374_s390x" }, "product_reference": "openshift-logging/kibana6-rhel8@sha256:23a36e4ba3a8c26585c28a0fc1a947a2f35092fdc92631c9e242928556143374_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/kibana6-rhel8@sha256:749d9a8434d2c5a4251d59701a3a57ece72b2fe8f3a450c6e3161905cbbd4ce3_amd64 as a component of OpenShift Logging 5.0", "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:749d9a8434d2c5a4251d59701a3a57ece72b2fe8f3a450c6e3161905cbbd4ce3_amd64" }, "product_reference": "openshift-logging/kibana6-rhel8@sha256:749d9a8434d2c5a4251d59701a3a57ece72b2fe8f3a450c6e3161905cbbd4ce3_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/kibana6-rhel8@sha256:7cc111b0928dd598abfe6f4db5c021e056e7fa1270a3953168924f5194f00db5_ppc64le as a component of OpenShift Logging 5.0", "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:7cc111b0928dd598abfe6f4db5c021e056e7fa1270a3953168924f5194f00db5_ppc64le" }, "product_reference": "openshift-logging/kibana6-rhel8@sha256:7cc111b0928dd598abfe6f4db5c021e056e7fa1270a3953168924f5194f00db5_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-curator5-rhel8@sha256:3f1a81fdc28c7254be59a8a3630f4c36c05f655bab886627393823ffa9ad2cf6_amd64 as a component of OpenShift Logging 5.0", "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:3f1a81fdc28c7254be59a8a3630f4c36c05f655bab886627393823ffa9ad2cf6_amd64" }, "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:3f1a81fdc28c7254be59a8a3630f4c36c05f655bab886627393823ffa9ad2cf6_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-curator5-rhel8@sha256:76bb02283a7740fbc2f25fd95e0f0b30118a585296a62bcc745872ecdd93ba1e_ppc64le as a component of OpenShift Logging 5.0", "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:76bb02283a7740fbc2f25fd95e0f0b30118a585296a62bcc745872ecdd93ba1e_ppc64le" }, "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:76bb02283a7740fbc2f25fd95e0f0b30118a585296a62bcc745872ecdd93ba1e_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-curator5-rhel8@sha256:f561d39b3e7249000f22471454d04323d529217842e293d0bc10af30acaa7ad8_s390x as a component of OpenShift Logging 5.0", "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:f561d39b3e7249000f22471454d04323d529217842e293d0bc10af30acaa7ad8_s390x" }, "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:f561d39b3e7249000f22471454d04323d529217842e293d0bc10af30acaa7ad8_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.0" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-44832", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-12-28T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:88c8992a0850de9983c13c3a8e5b5cb2ed1779e31e86c0c7195ab0d38fc2727d_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:6444d97d9ed0d5e07c8df5a9ae55cb431250c5432cec6e90ecaae0fbe00be6d5_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:989d85eee44074af63c6aea0f80a11c86338a32eed0db930feec87c7d08d5135_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:e5f8312c65a081ae6433e9d8ed6e81682f5883781f4c757585559800b19fcb94_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:6fda7c65e256b5ca27a3e0b99d5289fd3eb67cc738787f659ee449e79e01e56c_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:411a7dc6932d910e53aeb09320d25325ff4228930ae198cfe67d21404fa0e3ed_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a3a23a88514f9f9117f2dceb99c7686b2056ebf3b7dd3c82efa34f5855e549e8_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:dba9c39a48e4f4a93db4daa1d596a08fc60c8c55c6b7889a7b69be241c7cd119_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:31ee1ebcb1276a491a5fee1b86aacbd1ebc0c07bdd4c9b536ce95c948995b6d0_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:87a757926b3934d21632b830511ca077d9fdb12417fa8886fad85c10143a6842_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:d9b8605f7d19097c5f0a91d678cc2f102af892878871880023fc41721b276ef7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4afc627224c584844325fac536c2e8f0b510fa4ff84b9b05bdafe2d8505f4eac_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:b64462859b9229e261a14035b65ab702bd301fcba043254796c9bf28205e6d79_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:f659b70ed9b1ecb132337b75e6b3891f3e0452be4bf39e3cff517a51d6520f7a_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:70d1eeac2c53a0c77fdcf1ae305c12786227aa6e7f4f1f3ab4365a119111f1ea_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:a1fce6215b404d0107dc435c7f3458d7c3acc4f927ad177af43b18c9cadc1bb1_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:b7139adf92aec389c86c3d2911773520abe984a6902cf92f1d7a124480f60823_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:23a36e4ba3a8c26585c28a0fc1a947a2f35092fdc92631c9e242928556143374_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:749d9a8434d2c5a4251d59701a3a57ece72b2fe8f3a450c6e3161905cbbd4ce3_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:7cc111b0928dd598abfe6f4db5c021e056e7fa1270a3953168924f5194f00db5_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:3f1a81fdc28c7254be59a8a3630f4c36c05f655bab886627393823ffa9ad2cf6_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:76bb02283a7740fbc2f25fd95e0f0b30118a585296a62bcc745872ecdd93ba1e_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:f561d39b3e7249000f22471454d04323d529217842e293d0bc10af30acaa7ad8_s390x" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2035951" } ], "notes": [ { "category": "description", "text": "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j-core: remote code execution via JDBC Appender", "title": "Vulnerability summary" }, { "category": "other", "text": "Log4j 1.x is not impacted by this vulnerability. Therefore versions of log4j shipped with Red Hat Enterprise Linux are NOT affected by this flaw.\n\nFor Elasticsearch, as shipped in OpenShift Container Platform and OpenShift Logging, access to the log4j2.properties configuration is limited only to the cluster administrators and exploitation requires cluster logging changes, what reduced the impact of this vulnerability significantly [0].\n\n[0] https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476#update-jan-6-5", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:15aef84c7916059dbddcdb5abadf9bd17ce282d4ab1e85c7b9473a025fc1d7ae_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:5b6bd22611e78f26389183e0e3cc6f860eda122720909a3644f6edc7eae4e8da_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:c014b38a59a73f425c8ebd764148bad4956f24eda4670c42fd67826546df01be_ppc64le" ], "known_not_affected": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:88c8992a0850de9983c13c3a8e5b5cb2ed1779e31e86c0c7195ab0d38fc2727d_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:6444d97d9ed0d5e07c8df5a9ae55cb431250c5432cec6e90ecaae0fbe00be6d5_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:989d85eee44074af63c6aea0f80a11c86338a32eed0db930feec87c7d08d5135_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:e5f8312c65a081ae6433e9d8ed6e81682f5883781f4c757585559800b19fcb94_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:6fda7c65e256b5ca27a3e0b99d5289fd3eb67cc738787f659ee449e79e01e56c_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:411a7dc6932d910e53aeb09320d25325ff4228930ae198cfe67d21404fa0e3ed_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a3a23a88514f9f9117f2dceb99c7686b2056ebf3b7dd3c82efa34f5855e549e8_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:dba9c39a48e4f4a93db4daa1d596a08fc60c8c55c6b7889a7b69be241c7cd119_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:31ee1ebcb1276a491a5fee1b86aacbd1ebc0c07bdd4c9b536ce95c948995b6d0_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:87a757926b3934d21632b830511ca077d9fdb12417fa8886fad85c10143a6842_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:d9b8605f7d19097c5f0a91d678cc2f102af892878871880023fc41721b276ef7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4afc627224c584844325fac536c2e8f0b510fa4ff84b9b05bdafe2d8505f4eac_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:b64462859b9229e261a14035b65ab702bd301fcba043254796c9bf28205e6d79_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:f659b70ed9b1ecb132337b75e6b3891f3e0452be4bf39e3cff517a51d6520f7a_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:70d1eeac2c53a0c77fdcf1ae305c12786227aa6e7f4f1f3ab4365a119111f1ea_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:a1fce6215b404d0107dc435c7f3458d7c3acc4f927ad177af43b18c9cadc1bb1_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:b7139adf92aec389c86c3d2911773520abe984a6902cf92f1d7a124480f60823_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:23a36e4ba3a8c26585c28a0fc1a947a2f35092fdc92631c9e242928556143374_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:749d9a8434d2c5a4251d59701a3a57ece72b2fe8f3a450c6e3161905cbbd4ce3_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:7cc111b0928dd598abfe6f4db5c021e056e7fa1270a3953168924f5194f00db5_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:3f1a81fdc28c7254be59a8a3630f4c36c05f655bab886627393823ffa9ad2cf6_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:76bb02283a7740fbc2f25fd95e0f0b30118a585296a62bcc745872ecdd93ba1e_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:f561d39b3e7249000f22471454d04323d529217842e293d0bc10af30acaa7ad8_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44832" }, { "category": "external", "summary": "RHBZ#2035951", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035951" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44832", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44832" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44832", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44832" }, { "category": "external", "summary": "https://issues.apache.org/jira/browse/LOG4J2-3293", "url": "https://issues.apache.org/jira/browse/LOG4J2-3293" } ], "release_date": "2021-12-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-01-20T21:09:05+00:00", "details": "For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nFor Red Hat OpenShift Logging 5.0, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:15aef84c7916059dbddcdb5abadf9bd17ce282d4ab1e85c7b9473a025fc1d7ae_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:5b6bd22611e78f26389183e0e3cc6f860eda122720909a3644f6edc7eae4e8da_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:c014b38a59a73f425c8ebd764148bad4956f24eda4670c42fd67826546df01be_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0225" }, { "category": "workaround", "details": "As per upstream:\n- In prior releases confirm that if the JDBC Appender is being used it is not configured to use any protocol other than Java.\n- Note that only the log4j-core JAR file is impacted by this vulnerability. Applications using only the log4j-api JAR file without the log4j-core JAR file are not impacted by this vulnerability.", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:88c8992a0850de9983c13c3a8e5b5cb2ed1779e31e86c0c7195ab0d38fc2727d_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:6444d97d9ed0d5e07c8df5a9ae55cb431250c5432cec6e90ecaae0fbe00be6d5_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:989d85eee44074af63c6aea0f80a11c86338a32eed0db930feec87c7d08d5135_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:e5f8312c65a081ae6433e9d8ed6e81682f5883781f4c757585559800b19fcb94_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:6fda7c65e256b5ca27a3e0b99d5289fd3eb67cc738787f659ee449e79e01e56c_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:411a7dc6932d910e53aeb09320d25325ff4228930ae198cfe67d21404fa0e3ed_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a3a23a88514f9f9117f2dceb99c7686b2056ebf3b7dd3c82efa34f5855e549e8_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:dba9c39a48e4f4a93db4daa1d596a08fc60c8c55c6b7889a7b69be241c7cd119_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:31ee1ebcb1276a491a5fee1b86aacbd1ebc0c07bdd4c9b536ce95c948995b6d0_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:87a757926b3934d21632b830511ca077d9fdb12417fa8886fad85c10143a6842_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:d9b8605f7d19097c5f0a91d678cc2f102af892878871880023fc41721b276ef7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:15aef84c7916059dbddcdb5abadf9bd17ce282d4ab1e85c7b9473a025fc1d7ae_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:5b6bd22611e78f26389183e0e3cc6f860eda122720909a3644f6edc7eae4e8da_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:c014b38a59a73f425c8ebd764148bad4956f24eda4670c42fd67826546df01be_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4afc627224c584844325fac536c2e8f0b510fa4ff84b9b05bdafe2d8505f4eac_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:b64462859b9229e261a14035b65ab702bd301fcba043254796c9bf28205e6d79_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:f659b70ed9b1ecb132337b75e6b3891f3e0452be4bf39e3cff517a51d6520f7a_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:70d1eeac2c53a0c77fdcf1ae305c12786227aa6e7f4f1f3ab4365a119111f1ea_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:a1fce6215b404d0107dc435c7f3458d7c3acc4f927ad177af43b18c9cadc1bb1_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:b7139adf92aec389c86c3d2911773520abe984a6902cf92f1d7a124480f60823_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:23a36e4ba3a8c26585c28a0fc1a947a2f35092fdc92631c9e242928556143374_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:749d9a8434d2c5a4251d59701a3a57ece72b2fe8f3a450c6e3161905cbbd4ce3_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:7cc111b0928dd598abfe6f4db5c021e056e7fa1270a3953168924f5194f00db5_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:3f1a81fdc28c7254be59a8a3630f4c36c05f655bab886627393823ffa9ad2cf6_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:76bb02283a7740fbc2f25fd95e0f0b30118a585296a62bcc745872ecdd93ba1e_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:f561d39b3e7249000f22471454d04323d529217842e293d0bc10af30acaa7ad8_s390x" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:15aef84c7916059dbddcdb5abadf9bd17ce282d4ab1e85c7b9473a025fc1d7ae_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:5b6bd22611e78f26389183e0e3cc6f860eda122720909a3644f6edc7eae4e8da_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:c014b38a59a73f425c8ebd764148bad4956f24eda4670c42fd67826546df01be_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "log4j-core: remote code execution via JDBC Appender" } ] }
rhsa-2022_0467
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat AMQ Streams 1.6.7 is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. \n\nThis release of Red Hat AMQ Streams 1.6.7 serves as a replacement for Red Hat AMQ Streams 1.6.6, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.\n\nSecurity Fix(es):\n\n* log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender (CVE-2022-23305)\n\n* log4j: Unsafe deserialization flaw in Chainsaw log viewer (CVE-2022-23307)\n\n* kubernetes-client: Insecure deserialization in unmarshalYaml method (CVE-2021-4178)\n\n* log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)\n\n* log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink (CVE-2022-23302)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:0467", "url": "https://access.redhat.com/errata/RHSA-2022:0467" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.streams\u0026version=1.6.7", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.streams\u0026version=1.6.7" }, { "category": "external", "summary": "2034388", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034388" }, { "category": "external", "summary": "2035951", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035951" }, { "category": "external", "summary": "2041949", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041949" }, { "category": "external", "summary": "2041959", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041959" }, { "category": "external", "summary": "2041967", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041967" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0467.json" } ], "title": "Red Hat Security Advisory: Red Hat AMQ Streams 1.6.7 release and security update", "tracking": { "current_release_date": "2024-11-15T14:42:11+00:00", "generator": { "date": "2024-11-15T14:42:11+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2022:0467", "initial_release_date": "2022-02-08T12:52:13+00:00", "revision_history": [ { "date": "2022-02-08T12:52:13+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-02-08T12:52:13+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T14:42:11+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat AMQ Streams 1.6.7", "product": { "name": "Red Hat AMQ Streams 1.6.7", "product_id": "Red Hat AMQ Streams 1.6.7", "product_identification_helper": { "cpe": "cpe:/a:redhat:amq_streams:1" } } } ], "category": "product_family", "name": "Red Hat JBoss AMQ" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Jordy Versmissen" ] } ], "cve": "CVE-2021-4178", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2021-12-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2034388" } ], "notes": [ { "category": "description", "text": "A arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. Due to an improperly configured YAML parsing, this will allow a local and privileged attacker to supply malicious YAML.", "title": "Vulnerability description" }, { "category": "summary", "text": "kubernetes-client: Insecure deserialization in unmarshalYaml method", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat CodeReady Studio 12 is not affected by this flaw because it does not ship a vulnerable version of kubernetes-client; the version that it ships does not use SnakeYAML.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat AMQ Streams 1.6.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-4178" }, { "category": "external", "summary": "RHBZ#2034388", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034388" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-4178", "url": "https://www.cve.org/CVERecord?id=CVE-2021-4178" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-4178", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4178" } ], "release_date": "2022-01-05T15:05:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-02-08T12:52:13+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat AMQ Streams 1.6.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0467" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat AMQ Streams 1.6.7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kubernetes-client: Insecure deserialization in unmarshalYaml method" }, { "cve": "CVE-2021-44832", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-12-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2035951" } ], "notes": [ { "category": "description", "text": "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j-core: remote code execution via JDBC Appender", "title": "Vulnerability summary" }, { "category": "other", "text": "Log4j 1.x is not impacted by this vulnerability. Therefore versions of log4j shipped with Red Hat Enterprise Linux are NOT affected by this flaw.\n\nFor Elasticsearch, as shipped in OpenShift Container Platform and OpenShift Logging, access to the log4j2.properties configuration is limited only to the cluster administrators and exploitation requires cluster logging changes, what reduced the impact of this vulnerability significantly [0].\n\n[0] https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476#update-jan-6-5", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat AMQ Streams 1.6.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44832" }, { "category": "external", "summary": "RHBZ#2035951", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035951" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44832", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44832" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44832", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44832" }, { "category": "external", "summary": "https://issues.apache.org/jira/browse/LOG4J2-3293", "url": "https://issues.apache.org/jira/browse/LOG4J2-3293" } ], "release_date": "2021-12-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-02-08T12:52:13+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat AMQ Streams 1.6.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0467" }, { "category": "workaround", "details": "As per upstream:\n- In prior releases confirm that if the JDBC Appender is being used it is not configured to use any protocol other than Java.\n- Note that only the log4j-core JAR file is impacted by this vulnerability. Applications using only the log4j-api JAR file without the log4j-core JAR file are not impacted by this vulnerability.", "product_ids": [ "Red Hat AMQ Streams 1.6.7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat AMQ Streams 1.6.7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "log4j-core: remote code execution via JDBC Appender" }, { "cve": "CVE-2022-23302", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2041949" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink", "title": "Vulnerability summary" }, { "category": "other", "text": "Note this flaw ONLY affects applications which are specifically configured to use JMSSink, which is not the default, or when the attacker has write access to the Log4j configuration for adding JMSSink to the attacker\u0027s JNDI LDAP endpoint.\n\nRed Hat Satellite bundles log4j-over-slf4j with Candlepin, however, product is not affected as it uses logback framework for logging.\n\nRed Hat Virtualization and OpenShift Container Platform in the OCP Metering stack (the Hive/Presto/Hadoop components) ship a vulnerable version of the log4j package, however JMSSink is not used. Therefore the impact of this vulnerability for these products is rated Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat AMQ Streams 1.6.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23302" }, { "category": "external", "summary": "RHBZ#2041949", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041949" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23302", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23302" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23302", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23302" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2022/01/18/3", "url": "https://www.openwall.com/lists/oss-security/2022/01/18/3" } ], "release_date": "2022-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-02-08T12:52:13+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat AMQ Streams 1.6.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0467" }, { "category": "workaround", "details": "These are the possible mitigations for this flaw for releases version 1.x:\n\n- Comment out or remove JMSSink in the Log4j configuration if it is used\n- Remove the JMSSink class from the server\u0027s jar files. For example:\n```\nzip -q -d log4j-*.jar org/apache/log4j/net/JMSSink.class\n```\n- Restrict access for the OS user on the platform running the application to prevent modifying the Log4j configuration by the attacker.", "product_ids": [ "Red Hat AMQ Streams 1.6.7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat AMQ Streams 1.6.7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink" }, { "cve": "CVE-2022-23305", "cwe": { "id": "CWE-89", "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)" }, "discovery_date": "2022-01-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2041959" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Java logging library Apache Log4j in version 1.x. JDBCAppender in Log4j 1.x is vulnerable to SQL injection in untrusted data. This allows a remote attacker to run SQL statements in the database if the deployed application is configured to use JDBCAppender with certain interpolation tokens.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender", "title": "Vulnerability summary" }, { "category": "other", "text": "Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default.\n\nRed Hat Satellite bundles log4j-over-slf4j with Candlepin, however, product is not affected as it uses logback framework for logging.\n\nRed Hat Virtualization and OpenShift Container Platform in the OCP Metering stack (the Hive/Presto/Hadoop components) ship a vulnerable version of the log4j package, however JDBCAppender is not used. Therefore the impact of this vulnerability for these products is rated Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat AMQ Streams 1.6.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23305" }, { "category": "external", "summary": "RHBZ#2041959", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041959" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23305", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23305" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23305", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23305" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2022/01/18/4", "url": "https://www.openwall.com/lists/oss-security/2022/01/18/4" } ], "release_date": "2022-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-02-08T12:52:13+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat AMQ Streams 1.6.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0467" }, { "category": "workaround", "details": "These are the possible mitigations for this flaw for releases version 1.x:\n\n- Comment out or remove JDBCAppender in the Log4j configuration if it is used\n- Remove the JDBCAppender class from the server\u0027s jar files. For example:\n```\nzip -q -d log4j-*.jar org/apache/log4j/jdbc/JDBCAppender.class\n```", "product_ids": [ "Red Hat AMQ Streams 1.6.7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat AMQ Streams 1.6.7" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender" }, { "cve": "CVE-2022-23307", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2041967" } ], "notes": [ { "category": "description", "text": "A flaw was found in the log4j 1.x chainsaw component, where the contents of certain log entries are deserialized and possibly permit code execution. This flaw allows an attacker to send a malicious request with serialized data to the server to be deserialized when the chainsaw component is run.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j: Unsafe deserialization flaw in Chainsaw log viewer", "title": "Vulnerability summary" }, { "category": "other", "text": "Chainsaw is a standalone graphical user interface for viewing log entries in log4j. This flaw may be bypassed by using other available means to access log entries.\n\nRed Hat Satellite bundles log4j-over-slf4j with Candlepin, however, product is not affected as it uses logback framework for logging.\n\nRed Hat Virtualization ships a vulnerable version of the log4j package, however chainsaw is not part of typical use cases. An attacker looking to exploit this would need to not only be able to generate a malicious log entry, but also have the necessary access and permissions to start chainsaw on the engine node. Therefore the impact of this vulnerability for Red Hat Virtualization is rated Low.\n\nSimilar to Red Hat Virtualization in OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of log4j package, however vulnerable chainsaw component is not used by default. Therefore the impact to OCP is reduced to Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat AMQ Streams 1.6.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23307" }, { "category": "external", "summary": "RHBZ#2041967", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041967" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23307", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23307" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23307", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23307" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2022/01/18/5", "url": "https://www.openwall.com/lists/oss-security/2022/01/18/5" } ], "release_date": "2022-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-02-08T12:52:13+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat AMQ Streams 1.6.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0467" }, { "category": "workaround", "details": "These are the mitigations available for this flaw for log4j 1.x:\n- Avoid using Chainsaw to view logs, and instead use some other utility, especially if there is a log view available within the product itself.\n- Remove the Chainsaw classes from the log4j jar files. For example:\n```\nzip -q -d log4j-*.jar org/apache/log4j/chainsaw/*\n```\n(log4j jars may be nested in zip archives within product)", "product_ids": [ "Red Hat AMQ Streams 1.6.7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat AMQ Streams 1.6.7" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "log4j: Unsafe deserialization flaw in Chainsaw log viewer" } ] }
rhsa-2022_0181
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 2023 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat OpenShift Container Platform release 4.6.54 is now available with updates to packages and images that fix several bugs.\n\nThis release includes a security update for Red Hat OpenShift Container Platform 4.6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.54. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHBA-2022:0180\n\nSecurity Fix(es):\n\n* log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:0181", "url": "https://access.redhat.com/errata/RHSA-2022:0181" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2022/rhsa-2022_0181.json" } ], "title": "Red Hat Security Advisory: OpenShift Container Platform 4.6.54 extras and security update", "tracking": { "current_release_date": "2022-01-27T08:24:00Z", "generator": { "date": "2023-07-01T05:19:00Z", "engine": { "name": "Red Hat SDEngine", "version": "3.18.0" } }, "id": "RHSA-2022:0181", "initial_release_date": "2022-01-27T08:24:00Z", "revision_history": [ { "date": "2022-01-27T08:24:00Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift Container Platform 4.6", "product": { "name": "Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:4.6::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift Enterprise" }, { "category": "product_version", "name": "openshift4/ose-ansible-operator:v4.6.0-202201111855.p0.gf65b49e.assembly.stream", "product": { "name": "openshift4/ose-ansible-operator:v4.6.0-202201111855.p0.gf65b49e.assembly.stream", "product_id": "openshift4/ose-ansible-operator:v4.6.0-202201111855.p0.gf65b49e.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-capacity:v4.6.0-202201111633.p0.g44065a4.assembly.stream", "product": { "name": "openshift4/ose-cluster-capacity:v4.6.0-202201111633.p0.g44065a4.assembly.stream", "product_id": "openshift4/ose-cluster-capacity:v4.6.0-202201111633.p0.g44065a4.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202201111855.p0.gbd1f995.assembly.stream", "product": { "name": "openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202201111855.p0.gbd1f995.assembly.stream", "product_id": "openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202201111855.p0.gbd1f995.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202201111855.p0.gbd1f995.assembly.stream", "product": { "name": "openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202201111855.p0.gbd1f995.assembly.stream", "product_id": "openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202201111855.p0.gbd1f995.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-logging-operator:v4.6.0-202201181437.p0.g7f7eccc.assembly.stream", "product": { "name": "openshift4/ose-cluster-logging-operator:v4.6.0-202201181437.p0.g7f7eccc.assembly.stream", "product_id": "openshift4/ose-cluster-logging-operator:v4.6.0-202201181437.p0.g7f7eccc.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-nfd-operator:v4.6.0-202201111633.p0.g791e21e.assembly.stream", "product": { "name": "openshift4/ose-cluster-nfd-operator:v4.6.0-202201111633.p0.g791e21e.assembly.stream", "product_id": "openshift4/ose-cluster-nfd-operator:v4.6.0-202201111633.p0.g791e21e.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-clusterresourceoverride-rhel8-operator:v4.6.0-202201111633.p0.g9c75ad0.assembly.stream", "product": { "name": "openshift4/ose-clusterresourceoverride-rhel8-operator:v4.6.0-202201111633.p0.g9c75ad0.assembly.stream", "product_id": "openshift4/ose-clusterresourceoverride-rhel8-operator:v4.6.0-202201111633.p0.g9c75ad0.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-clusterresourceoverride-rhel8:v4.6.0-202201111633.p0.gfabfa8b.assembly.stream", "product": { "name": "openshift4/ose-clusterresourceoverride-rhel8:v4.6.0-202201111633.p0.gfabfa8b.assembly.stream", "product_id": "openshift4/ose-clusterresourceoverride-rhel8:v4.6.0-202201111633.p0.gfabfa8b.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-descheduler:v4.6.0-202201111633.p0.g4c0ed6d.assembly.stream", "product": { "name": "openshift4/ose-descheduler:v4.6.0-202201111633.p0.g4c0ed6d.assembly.stream", "product_id": "openshift4/ose-descheduler:v4.6.0-202201111633.p0.g4c0ed6d.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-egress-dns-proxy:v4.6.0-202201120855.p0.g618b71d.assembly.stream", "product": { "name": "openshift4/ose-egress-dns-proxy:v4.6.0-202201120855.p0.g618b71d.assembly.stream", "product_id": "openshift4/ose-egress-dns-proxy:v4.6.0-202201120855.p0.g618b71d.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-egress-http-proxy:v4.6.0-202201111633.p0.g618b71d.assembly.stream", "product": { "name": "openshift4/ose-egress-http-proxy:v4.6.0-202201111633.p0.g618b71d.assembly.stream", "product_id": "openshift4/ose-egress-http-proxy:v4.6.0-202201111633.p0.g618b71d.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-egress-router:v4.6.0-202201111633.p0.g618b71d.assembly.stream", "product": { "name": "openshift4/ose-egress-router:v4.6.0-202201111633.p0.g618b71d.assembly.stream", "product_id": "openshift4/ose-egress-router:v4.6.0-202201111633.p0.g618b71d.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-elasticsearch-operator:v4.6.0-202201181437.p0.gd421c69.assembly.stream", "product": { "name": "openshift4/ose-elasticsearch-operator:v4.6.0-202201181437.p0.gd421c69.assembly.stream", "product_id": "openshift4/ose-elasticsearch-operator:v4.6.0-202201181437.p0.gd421c69.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-elasticsearch-proxy:v4.6.0-202201111633.p0.g12d80b2.assembly.stream", "product": { "name": "openshift4/ose-elasticsearch-proxy:v4.6.0-202201111633.p0.g12d80b2.assembly.stream", "product_id": "openshift4/ose-elasticsearch-proxy:v4.6.0-202201111633.p0.g12d80b2.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-ghostunnel:v4.6.0-202201111633.p0.gd5ea7b7.assembly.stream", "product": { "name": "openshift4/ose-ghostunnel:v4.6.0-202201111633.p0.gd5ea7b7.assembly.stream", "product_id": "openshift4/ose-ghostunnel:v4.6.0-202201111633.p0.gd5ea7b7.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-helm-operator:v4.6.0-202201111633.p0.gf65b49e.assembly.stream", "product": { "name": "openshift4/ose-helm-operator:v4.6.0-202201111633.p0.gf65b49e.assembly.stream", "product_id": "openshift4/ose-helm-operator:v4.6.0-202201111633.p0.gf65b49e.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.6.0-202201111855.p0.g3c3794f.assembly.stream", "product": { "name": "openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.6.0-202201111855.p0.g3c3794f.assembly.stream", "product_id": "openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.6.0-202201111855.p0.g3c3794f.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-local-storage-diskmaker:v4.6.0-202201111633.p0.gfa3468d.assembly.stream", "product": { "name": "openshift4/ose-local-storage-diskmaker:v4.6.0-202201111633.p0.gfa3468d.assembly.stream", "product_id": "openshift4/ose-local-storage-diskmaker:v4.6.0-202201111633.p0.gfa3468d.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-local-storage-operator:v4.6.0-202201111633.p0.gfa3468d.assembly.stream", "product": { "name": "openshift4/ose-local-storage-operator:v4.6.0-202201111633.p0.gfa3468d.assembly.stream", "product_id": "openshift4/ose-local-storage-operator:v4.6.0-202201111633.p0.gfa3468d.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-local-storage-static-provisioner:v4.6.0-202201111633.p0.g9ee7458.assembly.stream", "product": { "name": "openshift4/ose-local-storage-static-provisioner:v4.6.0-202201111633.p0.g9ee7458.assembly.stream", "product_id": "openshift4/ose-local-storage-static-provisioner:v4.6.0-202201111633.p0.g9ee7458.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-logging-curator5:v4.6.0-202201181437.p0.g181b827.assembly.stream", "product": { "name": "openshift4/ose-logging-curator5:v4.6.0-202201181437.p0.g181b827.assembly.stream", "product_id": "openshift4/ose-logging-curator5:v4.6.0-202201181437.p0.g181b827.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-logging-elasticsearch6:v4.6.0-202201181437.p0.g181b827.assembly.stream", "product": { "name": "openshift4/ose-logging-elasticsearch6:v4.6.0-202201181437.p0.g181b827.assembly.stream", "product_id": "openshift4/ose-logging-elasticsearch6:v4.6.0-202201181437.p0.g181b827.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-logging-eventrouter:v4.6.0-202201111633.p0.g131cfe6.assembly.stream", "product": { "name": "openshift4/ose-logging-eventrouter:v4.6.0-202201111633.p0.g131cfe6.assembly.stream", "product_id": "openshift4/ose-logging-eventrouter:v4.6.0-202201111633.p0.g131cfe6.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-logging-fluentd:v4.6.0-202201181437.p0.g181b827.assembly.stream", "product": { "name": "openshift4/ose-logging-fluentd:v4.6.0-202201181437.p0.g181b827.assembly.stream", "product_id": "openshift4/ose-logging-fluentd:v4.6.0-202201181437.p0.g181b827.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-logging-kibana6:v4.6.0-202201181437.p0.g181b827.assembly.stream", "product": { "name": "openshift4/ose-logging-kibana6:v4.6.0-202201181437.p0.g181b827.assembly.stream", "product_id": "openshift4/ose-logging-kibana6:v4.6.0-202201181437.p0.g181b827.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-metering-ansible-operator:v4.6.0-202201111855.p0.gd74112d.assembly.stream", "product": { "name": "openshift4/ose-metering-ansible-operator:v4.6.0-202201111855.p0.gd74112d.assembly.stream", "product_id": "openshift4/ose-metering-ansible-operator:v4.6.0-202201111855.p0.gd74112d.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-metering-hadoop:v4.6.0-202201111633.p0.gf381145.assembly.stream", "product": { "name": "openshift4/ose-metering-hadoop:v4.6.0-202201111633.p0.gf381145.assembly.stream", "product_id": "openshift4/ose-metering-hadoop:v4.6.0-202201111633.p0.gf381145.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-metering-helm-container-rhel8:v4.6.0-202201111633.p0.gcc06fc6.assembly.stream", "product": { "name": "openshift4/ose-metering-helm-container-rhel8:v4.6.0-202201111633.p0.gcc06fc6.assembly.stream", "product_id": "openshift4/ose-metering-helm-container-rhel8:v4.6.0-202201111633.p0.gcc06fc6.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-metering-hive:v4.6.0-202201111633.p0.gf139e12.assembly.stream", "product": { "name": "openshift4/ose-metering-hive:v4.6.0-202201111633.p0.gf139e12.assembly.stream", "product_id": "openshift4/ose-metering-hive:v4.6.0-202201111633.p0.gf139e12.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-metering-presto:v4.6.0-202201111633.p0.g190688a.assembly.stream", "product": { "name": "openshift4/ose-metering-presto:v4.6.0-202201111633.p0.g190688a.assembly.stream", "product_id": "openshift4/ose-metering-presto:v4.6.0-202201111633.p0.g190688a.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-metering-reporting-operator:v4.6.0-202201111633.p0.gd74112d.assembly.stream", "product": { "name": "openshift4/ose-metering-reporting-operator:v4.6.0-202201111633.p0.gd74112d.assembly.stream", "product_id": "openshift4/ose-metering-reporting-operator:v4.6.0-202201111633.p0.gd74112d.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-node-feature-discovery:v4.6.0-202201111633.p0.ge75e467.assembly.stream", "product": { "name": "openshift4/ose-node-feature-discovery:v4.6.0-202201111633.p0.ge75e467.assembly.stream", "product_id": "openshift4/ose-node-feature-discovery:v4.6.0-202201111633.p0.ge75e467.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-node-problem-detector-rhel8:v4.6.0-202201111633.p0.gb392f6d.assembly.stream", "product": { "name": "openshift4/ose-node-problem-detector-rhel8:v4.6.0-202201111633.p0.gb392f6d.assembly.stream", "product_id": "openshift4/ose-node-problem-detector-rhel8:v4.6.0-202201111633.p0.gb392f6d.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-ptp-operator:v4.6.0-202201111855.p0.g97081b3.assembly.stream", "product": { "name": "openshift4/ose-ptp-operator:v4.6.0-202201111855.p0.g97081b3.assembly.stream", "product_id": "openshift4/ose-ptp-operator:v4.6.0-202201111855.p0.g97081b3.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-ptp:v4.6.0-202201111633.p0.g8f5a67a.assembly.stream", "product": { "name": "openshift4/ose-ptp:v4.6.0-202201111633.p0.g8f5a67a.assembly.stream", "product_id": "openshift4/ose-ptp:v4.6.0-202201111633.p0.g8f5a67a.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-service-idler-rhel8:v4.6.0-202201111633.p0.g39cfc66.assembly.stream", "product": { "name": "openshift4/ose-service-idler-rhel8:v4.6.0-202201111633.p0.g39cfc66.assembly.stream", "product_id": "openshift4/ose-service-idler-rhel8:v4.6.0-202201111633.p0.g39cfc66.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-sriov-cni:v4.6.0-202201111633.p0.gd209fd9.assembly.stream", "product": { "name": "openshift4/ose-sriov-cni:v4.6.0-202201111633.p0.gd209fd9.assembly.stream", "product_id": "openshift4/ose-sriov-cni:v4.6.0-202201111633.p0.gd209fd9.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-sriov-dp-admission-controller:v4.6.0-202201111633.p0.g907f1f6.assembly.stream", "product": { "name": "openshift4/ose-sriov-dp-admission-controller:v4.6.0-202201111633.p0.g907f1f6.assembly.stream", "product_id": "openshift4/ose-sriov-dp-admission-controller:v4.6.0-202201111633.p0.g907f1f6.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-sriov-infiniband-cni:v4.6.0-202201111633.p0.g8082d6e.assembly.stream", "product": { "name": "openshift4/ose-sriov-infiniband-cni:v4.6.0-202201111633.p0.g8082d6e.assembly.stream", "product_id": "openshift4/ose-sriov-infiniband-cni:v4.6.0-202201111633.p0.g8082d6e.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-sriov-network-config-daemon:v4.6.0-202201111855.p0.g67dd835.assembly.stream", "product": { "name": "openshift4/ose-sriov-network-config-daemon:v4.6.0-202201111855.p0.g67dd835.assembly.stream", "product_id": "openshift4/ose-sriov-network-config-daemon:v4.6.0-202201111855.p0.g67dd835.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-sriov-network-device-plugin:v4.6.0-202201111633.p0.g62be5ad.assembly.stream", "product": { "name": "openshift4/ose-sriov-network-device-plugin:v4.6.0-202201111633.p0.g62be5ad.assembly.stream", "product_id": "openshift4/ose-sriov-network-device-plugin:v4.6.0-202201111633.p0.g62be5ad.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-sriov-network-operator:v4.6.0-202201111855.p0.g67dd835.assembly.stream", "product": { "name": "openshift4/ose-sriov-network-operator:v4.6.0-202201111855.p0.g67dd835.assembly.stream", "product_id": "openshift4/ose-sriov-network-operator:v4.6.0-202201111855.p0.g67dd835.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-sriov-network-webhook:v4.6.0-202201111855.p0.g67dd835.assembly.stream", "product": { "name": "openshift4/ose-sriov-network-webhook:v4.6.0-202201111855.p0.g67dd835.assembly.stream", "product_id": "openshift4/ose-sriov-network-webhook:v4.6.0-202201111855.p0.g67dd835.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-sriov-operator-must-gather:v4.6.0-202201111855.p0.g67dd835.assembly.stream", "product": { "name": "openshift4/ose-sriov-operator-must-gather:v4.6.0-202201111855.p0.g67dd835.assembly.stream", "product_id": "openshift4/ose-sriov-operator-must-gather:v4.6.0-202201111855.p0.g67dd835.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.6.0-202201111855.p0.gddfb5bf.assembly.stream", "product": { "name": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.6.0-202201111855.p0.gddfb5bf.assembly.stream", "product_id": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.6.0-202201111855.p0.gddfb5bf.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-vertical-pod-autoscaler-rhel8:v4.6.0-202201111855.p0.ga19224c.assembly.stream", "product": { "name": "openshift4/ose-vertical-pod-autoscaler-rhel8:v4.6.0-202201111855.p0.ga19224c.assembly.stream", "product_id": "openshift4/ose-vertical-pod-autoscaler-rhel8:v4.6.0-202201111855.p0.ga19224c.assembly.stream" } } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ansible-operator:v4.6.0-202201111855.p0.gf65b49e.assembly.stream as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202201111855.p0.gf65b49e.assembly.stream" }, "product_reference": "openshift4/ose-ansible-operator:v4.6.0-202201111855.p0.gf65b49e.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-capacity:v4.6.0-202201111633.p0.g44065a4.assembly.stream as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202201111633.p0.g44065a4.assembly.stream" }, "product_reference": "openshift4/ose-cluster-capacity:v4.6.0-202201111633.p0.g44065a4.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202201111855.p0.gbd1f995.assembly.stream as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202201111855.p0.gbd1f995.assembly.stream" }, "product_reference": "openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202201111855.p0.gbd1f995.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202201111855.p0.gbd1f995.assembly.stream as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202201111855.p0.gbd1f995.assembly.stream" }, "product_reference": "openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202201111855.p0.gbd1f995.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-logging-operator:v4.6.0-202201181437.p0.g7f7eccc.assembly.stream as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator:v4.6.0-202201181437.p0.g7f7eccc.assembly.stream" }, "product_reference": "openshift4/ose-cluster-logging-operator:v4.6.0-202201181437.p0.g7f7eccc.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-nfd-operator:v4.6.0-202201111633.p0.g791e21e.assembly.stream as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-cluster-nfd-operator:v4.6.0-202201111633.p0.g791e21e.assembly.stream" }, "product_reference": "openshift4/ose-cluster-nfd-operator:v4.6.0-202201111633.p0.g791e21e.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-clusterresourceoverride-rhel8-operator:v4.6.0-202201111633.p0.g9c75ad0.assembly.stream as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8-operator:v4.6.0-202201111633.p0.g9c75ad0.assembly.stream" }, "product_reference": "openshift4/ose-clusterresourceoverride-rhel8-operator:v4.6.0-202201111633.p0.g9c75ad0.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-clusterresourceoverride-rhel8:v4.6.0-202201111633.p0.gfabfa8b.assembly.stream as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8:v4.6.0-202201111633.p0.gfabfa8b.assembly.stream" }, "product_reference": "openshift4/ose-clusterresourceoverride-rhel8:v4.6.0-202201111633.p0.gfabfa8b.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-descheduler:v4.6.0-202201111633.p0.g4c0ed6d.assembly.stream as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202201111633.p0.g4c0ed6d.assembly.stream" }, "product_reference": "openshift4/ose-descheduler:v4.6.0-202201111633.p0.g4c0ed6d.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-egress-dns-proxy:v4.6.0-202201120855.p0.g618b71d.assembly.stream as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy:v4.6.0-202201120855.p0.g618b71d.assembly.stream" }, "product_reference": "openshift4/ose-egress-dns-proxy:v4.6.0-202201120855.p0.g618b71d.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-egress-http-proxy:v4.6.0-202201111633.p0.g618b71d.assembly.stream as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-egress-http-proxy:v4.6.0-202201111633.p0.g618b71d.assembly.stream" }, "product_reference": "openshift4/ose-egress-http-proxy:v4.6.0-202201111633.p0.g618b71d.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-egress-router:v4.6.0-202201111633.p0.g618b71d.assembly.stream as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-egress-router:v4.6.0-202201111633.p0.g618b71d.assembly.stream" }, "product_reference": "openshift4/ose-egress-router:v4.6.0-202201111633.p0.g618b71d.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-elasticsearch-operator:v4.6.0-202201181437.p0.gd421c69.assembly.stream as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202201181437.p0.gd421c69.assembly.stream" }, "product_reference": "openshift4/ose-elasticsearch-operator:v4.6.0-202201181437.p0.gd421c69.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-elasticsearch-proxy:v4.6.0-202201111633.p0.g12d80b2.assembly.stream as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-proxy:v4.6.0-202201111633.p0.g12d80b2.assembly.stream" }, "product_reference": "openshift4/ose-elasticsearch-proxy:v4.6.0-202201111633.p0.g12d80b2.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ghostunnel:v4.6.0-202201111633.p0.gd5ea7b7.assembly.stream as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-ghostunnel:v4.6.0-202201111633.p0.gd5ea7b7.assembly.stream" }, "product_reference": "openshift4/ose-ghostunnel:v4.6.0-202201111633.p0.gd5ea7b7.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-helm-operator:v4.6.0-202201111633.p0.gf65b49e.assembly.stream as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-helm-operator:v4.6.0-202201111633.p0.gf65b49e.assembly.stream" }, "product_reference": "openshift4/ose-helm-operator:v4.6.0-202201111633.p0.gf65b49e.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.6.0-202201111855.p0.g3c3794f.assembly.stream as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.6.0-202201111855.p0.g3c3794f.assembly.stream" }, "product_reference": "openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.6.0-202201111855.p0.g3c3794f.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-local-storage-diskmaker:v4.6.0-202201111633.p0.gfa3468d.assembly.stream as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202201111633.p0.gfa3468d.assembly.stream" }, "product_reference": "openshift4/ose-local-storage-diskmaker:v4.6.0-202201111633.p0.gfa3468d.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-local-storage-operator:v4.6.0-202201111633.p0.gfa3468d.assembly.stream as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-local-storage-operator:v4.6.0-202201111633.p0.gfa3468d.assembly.stream" }, "product_reference": "openshift4/ose-local-storage-operator:v4.6.0-202201111633.p0.gfa3468d.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-local-storage-static-provisioner:v4.6.0-202201111633.p0.g9ee7458.assembly.stream as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202201111633.p0.g9ee7458.assembly.stream" }, "product_reference": "openshift4/ose-local-storage-static-provisioner:v4.6.0-202201111633.p0.g9ee7458.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-logging-curator5:v4.6.0-202201181437.p0.g181b827.assembly.stream as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-logging-curator5:v4.6.0-202201181437.p0.g181b827.assembly.stream" }, "product_reference": "openshift4/ose-logging-curator5:v4.6.0-202201181437.p0.g181b827.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-logging-elasticsearch6:v4.6.0-202201181437.p0.g181b827.assembly.stream as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202201181437.p0.g181b827.assembly.stream" }, "product_reference": "openshift4/ose-logging-elasticsearch6:v4.6.0-202201181437.p0.g181b827.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-logging-eventrouter:v4.6.0-202201111633.p0.g131cfe6.assembly.stream as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-logging-eventrouter:v4.6.0-202201111633.p0.g131cfe6.assembly.stream" }, "product_reference": "openshift4/ose-logging-eventrouter:v4.6.0-202201111633.p0.g131cfe6.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-logging-fluentd:v4.6.0-202201181437.p0.g181b827.assembly.stream as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd:v4.6.0-202201181437.p0.g181b827.assembly.stream" }, "product_reference": "openshift4/ose-logging-fluentd:v4.6.0-202201181437.p0.g181b827.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-logging-kibana6:v4.6.0-202201181437.p0.g181b827.assembly.stream as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202201181437.p0.g181b827.assembly.stream" }, "product_reference": "openshift4/ose-logging-kibana6:v4.6.0-202201181437.p0.g181b827.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-metering-ansible-operator:v4.6.0-202201111855.p0.gd74112d.assembly.stream as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator:v4.6.0-202201111855.p0.gd74112d.assembly.stream" }, "product_reference": "openshift4/ose-metering-ansible-operator:v4.6.0-202201111855.p0.gd74112d.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-metering-hadoop:v4.6.0-202201111633.p0.gf381145.assembly.stream as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-metering-hadoop:v4.6.0-202201111633.p0.gf381145.assembly.stream" }, "product_reference": "openshift4/ose-metering-hadoop:v4.6.0-202201111633.p0.gf381145.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-metering-helm-container-rhel8:v4.6.0-202201111633.p0.gcc06fc6.assembly.stream as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-metering-helm-container-rhel8:v4.6.0-202201111633.p0.gcc06fc6.assembly.stream" }, "product_reference": "openshift4/ose-metering-helm-container-rhel8:v4.6.0-202201111633.p0.gcc06fc6.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-metering-hive:v4.6.0-202201111633.p0.gf139e12.assembly.stream as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-metering-hive:v4.6.0-202201111633.p0.gf139e12.assembly.stream" }, "product_reference": "openshift4/ose-metering-hive:v4.6.0-202201111633.p0.gf139e12.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-metering-presto:v4.6.0-202201111633.p0.g190688a.assembly.stream as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202201111633.p0.g190688a.assembly.stream" }, "product_reference": "openshift4/ose-metering-presto:v4.6.0-202201111633.p0.g190688a.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-metering-reporting-operator:v4.6.0-202201111633.p0.gd74112d.assembly.stream as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202201111633.p0.gd74112d.assembly.stream" }, "product_reference": "openshift4/ose-metering-reporting-operator:v4.6.0-202201111633.p0.gd74112d.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-node-feature-discovery:v4.6.0-202201111633.p0.ge75e467.assembly.stream as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-node-feature-discovery:v4.6.0-202201111633.p0.ge75e467.assembly.stream" }, "product_reference": "openshift4/ose-node-feature-discovery:v4.6.0-202201111633.p0.ge75e467.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-node-problem-detector-rhel8:v4.6.0-202201111633.p0.gb392f6d.assembly.stream as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-node-problem-detector-rhel8:v4.6.0-202201111633.p0.gb392f6d.assembly.stream" }, "product_reference": "openshift4/ose-node-problem-detector-rhel8:v4.6.0-202201111633.p0.gb392f6d.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ptp-operator:v4.6.0-202201111855.p0.g97081b3.assembly.stream as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202201111855.p0.g97081b3.assembly.stream" }, "product_reference": "openshift4/ose-ptp-operator:v4.6.0-202201111855.p0.g97081b3.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ptp:v4.6.0-202201111633.p0.g8f5a67a.assembly.stream as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202201111633.p0.g8f5a67a.assembly.stream" }, "product_reference": "openshift4/ose-ptp:v4.6.0-202201111633.p0.g8f5a67a.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-service-idler-rhel8:v4.6.0-202201111633.p0.g39cfc66.assembly.stream as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-service-idler-rhel8:v4.6.0-202201111633.p0.g39cfc66.assembly.stream" }, "product_reference": "openshift4/ose-service-idler-rhel8:v4.6.0-202201111633.p0.g39cfc66.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-cni:v4.6.0-202201111633.p0.gd209fd9.assembly.stream as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-sriov-cni:v4.6.0-202201111633.p0.gd209fd9.assembly.stream" }, "product_reference": "openshift4/ose-sriov-cni:v4.6.0-202201111633.p0.gd209fd9.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-dp-admission-controller:v4.6.0-202201111633.p0.g907f1f6.assembly.stream as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202201111633.p0.g907f1f6.assembly.stream" }, "product_reference": "openshift4/ose-sriov-dp-admission-controller:v4.6.0-202201111633.p0.g907f1f6.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-infiniband-cni:v4.6.0-202201111633.p0.g8082d6e.assembly.stream as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-sriov-infiniband-cni:v4.6.0-202201111633.p0.g8082d6e.assembly.stream" }, "product_reference": "openshift4/ose-sriov-infiniband-cni:v4.6.0-202201111633.p0.g8082d6e.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-network-config-daemon:v4.6.0-202201111855.p0.g67dd835.assembly.stream as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202201111855.p0.g67dd835.assembly.stream" }, "product_reference": "openshift4/ose-sriov-network-config-daemon:v4.6.0-202201111855.p0.g67dd835.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-network-device-plugin:v4.6.0-202201111633.p0.g62be5ad.assembly.stream as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202201111633.p0.g62be5ad.assembly.stream" }, "product_reference": "openshift4/ose-sriov-network-device-plugin:v4.6.0-202201111633.p0.g62be5ad.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-network-operator:v4.6.0-202201111855.p0.g67dd835.assembly.stream as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-sriov-network-operator:v4.6.0-202201111855.p0.g67dd835.assembly.stream" }, "product_reference": "openshift4/ose-sriov-network-operator:v4.6.0-202201111855.p0.g67dd835.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-network-webhook:v4.6.0-202201111855.p0.g67dd835.assembly.stream as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202201111855.p0.g67dd835.assembly.stream" }, "product_reference": "openshift4/ose-sriov-network-webhook:v4.6.0-202201111855.p0.g67dd835.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-operator-must-gather:v4.6.0-202201111855.p0.g67dd835.assembly.stream as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-sriov-operator-must-gather:v4.6.0-202201111855.p0.g67dd835.assembly.stream" }, "product_reference": "openshift4/ose-sriov-operator-must-gather:v4.6.0-202201111855.p0.g67dd835.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.6.0-202201111855.p0.gddfb5bf.assembly.stream as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.6.0-202201111855.p0.gddfb5bf.assembly.stream" }, "product_reference": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.6.0-202201111855.p0.gddfb5bf.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-vertical-pod-autoscaler-rhel8:v4.6.0-202201111855.p0.ga19224c.assembly.stream as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8:v4.6.0-202201111855.p0.ga19224c.assembly.stream" }, "product_reference": "openshift4/ose-vertical-pod-autoscaler-rhel8:v4.6.0-202201111855.p0.ga19224c.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.6" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-44832", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-12-28T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202201111855.p0.gf65b49e.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202201111633.p0.g44065a4.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202201111855.p0.gbd1f995.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202201111855.p0.gbd1f995.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator:v4.6.0-202201181437.p0.g7f7eccc.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-cluster-nfd-operator:v4.6.0-202201111633.p0.g791e21e.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8-operator:v4.6.0-202201111633.p0.g9c75ad0.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8:v4.6.0-202201111633.p0.gfabfa8b.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202201111633.p0.g4c0ed6d.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy:v4.6.0-202201120855.p0.g618b71d.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-egress-http-proxy:v4.6.0-202201111633.p0.g618b71d.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-egress-router:v4.6.0-202201111633.p0.g618b71d.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202201181437.p0.gd421c69.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-proxy:v4.6.0-202201111633.p0.g12d80b2.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-ghostunnel:v4.6.0-202201111633.p0.gd5ea7b7.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-helm-operator:v4.6.0-202201111633.p0.gf65b49e.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.6.0-202201111855.p0.g3c3794f.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202201111633.p0.gfa3468d.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-local-storage-operator:v4.6.0-202201111633.p0.gfa3468d.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202201111633.p0.g9ee7458.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5:v4.6.0-202201181437.p0.g181b827.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-logging-eventrouter:v4.6.0-202201111633.p0.g131cfe6.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd:v4.6.0-202201181437.p0.g181b827.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202201181437.p0.g181b827.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator:v4.6.0-202201111855.p0.gd74112d.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-metering-hadoop:v4.6.0-202201111633.p0.gf381145.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-metering-helm-container-rhel8:v4.6.0-202201111633.p0.gcc06fc6.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-metering-hive:v4.6.0-202201111633.p0.gf139e12.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202201111633.p0.g190688a.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202201111633.p0.gd74112d.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-node-feature-discovery:v4.6.0-202201111633.p0.ge75e467.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-node-problem-detector-rhel8:v4.6.0-202201111633.p0.gb392f6d.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202201111855.p0.g97081b3.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202201111633.p0.g8f5a67a.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-service-idler-rhel8:v4.6.0-202201111633.p0.g39cfc66.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-sriov-cni:v4.6.0-202201111633.p0.gd209fd9.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202201111633.p0.g907f1f6.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-sriov-infiniband-cni:v4.6.0-202201111633.p0.g8082d6e.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202201111855.p0.g67dd835.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202201111633.p0.g62be5ad.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-operator:v4.6.0-202201111855.p0.g67dd835.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202201111855.p0.g67dd835.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-sriov-operator-must-gather:v4.6.0-202201111855.p0.g67dd835.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.6.0-202201111855.p0.gddfb5bf.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8:v4.6.0-202201111855.p0.ga19224c.assembly.stream" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=2035951" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j-core: remote code execution via JDBC Appender", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202201181437.p0.g181b827.assembly.stream" ], "known_not_affected": [ "8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202201111855.p0.gf65b49e.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202201111633.p0.g44065a4.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202201111855.p0.gbd1f995.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202201111855.p0.gbd1f995.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator:v4.6.0-202201181437.p0.g7f7eccc.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-cluster-nfd-operator:v4.6.0-202201111633.p0.g791e21e.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8-operator:v4.6.0-202201111633.p0.g9c75ad0.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8:v4.6.0-202201111633.p0.gfabfa8b.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202201111633.p0.g4c0ed6d.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy:v4.6.0-202201120855.p0.g618b71d.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-egress-http-proxy:v4.6.0-202201111633.p0.g618b71d.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-egress-router:v4.6.0-202201111633.p0.g618b71d.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202201181437.p0.gd421c69.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-proxy:v4.6.0-202201111633.p0.g12d80b2.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-ghostunnel:v4.6.0-202201111633.p0.gd5ea7b7.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-helm-operator:v4.6.0-202201111633.p0.gf65b49e.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.6.0-202201111855.p0.g3c3794f.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202201111633.p0.gfa3468d.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-local-storage-operator:v4.6.0-202201111633.p0.gfa3468d.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202201111633.p0.g9ee7458.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5:v4.6.0-202201181437.p0.g181b827.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-logging-eventrouter:v4.6.0-202201111633.p0.g131cfe6.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd:v4.6.0-202201181437.p0.g181b827.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202201181437.p0.g181b827.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator:v4.6.0-202201111855.p0.gd74112d.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-metering-hadoop:v4.6.0-202201111633.p0.gf381145.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-metering-helm-container-rhel8:v4.6.0-202201111633.p0.gcc06fc6.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-metering-hive:v4.6.0-202201111633.p0.gf139e12.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202201111633.p0.g190688a.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202201111633.p0.gd74112d.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-node-feature-discovery:v4.6.0-202201111633.p0.ge75e467.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-node-problem-detector-rhel8:v4.6.0-202201111633.p0.gb392f6d.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202201111855.p0.g97081b3.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202201111633.p0.g8f5a67a.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-service-idler-rhel8:v4.6.0-202201111633.p0.g39cfc66.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-sriov-cni:v4.6.0-202201111633.p0.gd209fd9.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202201111633.p0.g907f1f6.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-sriov-infiniband-cni:v4.6.0-202201111633.p0.g8082d6e.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202201111855.p0.g67dd835.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202201111633.p0.g62be5ad.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-operator:v4.6.0-202201111855.p0.g67dd835.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202201111855.p0.g67dd835.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-sriov-operator-must-gather:v4.6.0-202201111855.p0.g67dd835.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.6.0-202201111855.p0.gddfb5bf.assembly.stream", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8:v4.6.0-202201111855.p0.ga19224c.assembly.stream" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44832", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44832" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44832", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44832" }, { "category": "external", "summary": "https://issues.apache.org/jira/browse/LOG4J2-3293", "url": "https://issues.apache.org/jira/browse/LOG4J2-3293" }, { "category": "external", "summary": "CVE-2021-44832", "url": "https://access.redhat.com/security/cve/CVE-2021-44832" }, { "category": "external", "summary": "bz#2035951: CVE-2021-44832 log4j-core: remote code execution via JDBC Appender", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035951" } ], "release_date": "2021-12-28T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202201181437.p0.g181b827.assembly.stream" ], "url": "https://access.redhat.com/errata/RHSA-2022:0181" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202201181437.p0.g181b827.assembly.stream" ] } ], "threats": [ { "category": "impact", "date": "2021-12-28T00:00:00Z", "details": "Moderate" } ], "title": "CVE-2021-44832 log4j-core: remote code execution via JDBC Appender" } ] }
rhsa-2022_0230
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for OpenShift Logging (5.2.6)\n\nRed Hat Product Security has rated this update as having a security impact of\nModerate. A Common Vulnerability Scoring System (CVSS) base score, which gives\na detailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "OpenShift Logging Bug Fix Release (5.2.6)\n\nSecurity Fix(es):\n\n* nodejs-ua-parser-js: ReDoS via malicious User-Agent header (CVE-2021-27292)\n\n* log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:0230", "url": "https://access.redhat.com/errata/RHSA-2022:0230" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "1940613", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1940613" }, { "category": "external", "summary": "2035951", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035951" }, { "category": "external", "summary": "LOG-2104", "url": "https://issues.redhat.com/browse/LOG-2104" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0230.json" } ], "title": "Red Hat Security Advisory: Red Hat OpenShift Enterprise Logging bug fix and security update (5.2.6)", "tracking": { "current_release_date": "2024-11-15T10:44:10+00:00", "generator": { "date": "2024-11-15T10:44:10+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2022:0230", "initial_release_date": "2022-01-21T19:04:46+00:00", "revision_history": [ { "date": "2022-01-21T19:04:46+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-01-21T19:04:46+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T10:44:10+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "OpenShift Logging 5.2", "product": { "name": "OpenShift Logging 5.2", "product_id": "8Base-OSE-LOGGING-5.2", "product_identification_helper": { "cpe": "cpe:/a:redhat:logging:5.2::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift Enterprise" }, { "branches": [ { "category": "product_version", "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:3fa8f9590e009139c5d3c7f104d3bfee279e6a4a648b9f76defad60fa0a32954_s390x", "product": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:3fa8f9590e009139c5d3c7f104d3bfee279e6a4a648b9f76defad60fa0a32954_s390x", "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:3fa8f9590e009139c5d3c7f104d3bfee279e6a4a648b9f76defad60fa0a32954_s390x", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:3fa8f9590e009139c5d3c7f104d3bfee279e6a4a648b9f76defad60fa0a32954?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.2.6-2" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:c4029eab5cf3ef8e00f774a04b786003e31073c85a585f50689009110d2a5f76_s390x", "product": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:c4029eab5cf3ef8e00f774a04b786003e31073c85a585f50689009110d2a5f76_s390x", "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:c4029eab5cf3ef8e00f774a04b786003e31073c85a585f50689009110d2a5f76_s390x", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:c4029eab5cf3ef8e00f774a04b786003e31073c85a585f50689009110d2a5f76?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.2.6-2" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:1738c1f613bc80f825795bba194000dd354e15aa05e881ef103e63ce4c905ac8_s390x", "product": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:1738c1f613bc80f825795bba194000dd354e15aa05e881ef103e63ce4c905ac8_s390x", "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:1738c1f613bc80f825795bba194000dd354e15aa05e881ef103e63ce4c905ac8_s390x", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:1738c1f613bc80f825795bba194000dd354e15aa05e881ef103e63ce4c905ac8?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-104" } } }, { "category": "product_version", "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:c442371d189720167dd3de9deaab587dad8ab810977040da26f3457cfd6eb10e_s390x", "product": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:c442371d189720167dd3de9deaab587dad8ab810977040da26f3457cfd6eb10e_s390x", "product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:c442371d189720167dd3de9deaab587dad8ab810977040da26f3457cfd6eb10e_s390x", "product_identification_helper": { "purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:c442371d189720167dd3de9deaab587dad8ab810977040da26f3457cfd6eb10e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.0.0-71" } } }, { "category": "product_version", "name": "openshift-logging/logging-curator5-rhel8@sha256:640ff6c8d8c3c16ba43f87f4d323e93d7d8cdae1df44d7220c79083e8284ebd6_s390x", "product": { "name": "openshift-logging/logging-curator5-rhel8@sha256:640ff6c8d8c3c16ba43f87f4d323e93d7d8cdae1df44d7220c79083e8284ebd6_s390x", "product_id": "openshift-logging/logging-curator5-rhel8@sha256:640ff6c8d8c3c16ba43f87f4d323e93d7d8cdae1df44d7220c79083e8284ebd6_s390x", "product_identification_helper": { "purl": "pkg:oci/logging-curator5-rhel8@sha256:640ff6c8d8c3c16ba43f87f4d323e93d7d8cdae1df44d7220c79083e8284ebd6?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-73" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch6-rhel8@sha256:be1dd8dfaf204fa739a202ac7ddfcf3ed4441c97d05fa914cbbff34d5467bd76_s390x", "product": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:be1dd8dfaf204fa739a202ac7ddfcf3ed4441c97d05fa914cbbff34d5467bd76_s390x", "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:be1dd8dfaf204fa739a202ac7ddfcf3ed4441c97d05fa914cbbff34d5467bd76_s390x", "product_identification_helper": { "purl": "pkg:oci/elasticsearch6-rhel8@sha256:be1dd8dfaf204fa739a202ac7ddfcf3ed4441c97d05fa914cbbff34d5467bd76?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-100" } } }, { "category": "product_version", "name": "openshift-logging/eventrouter-rhel8@sha256:d5ae1f16eec322d9c9fb5604641cb038a831a0c7de331feb2999775e7958ed55_s390x", "product": { "name": "openshift-logging/eventrouter-rhel8@sha256:d5ae1f16eec322d9c9fb5604641cb038a831a0c7de331feb2999775e7958ed55_s390x", "product_id": "openshift-logging/eventrouter-rhel8@sha256:d5ae1f16eec322d9c9fb5604641cb038a831a0c7de331feb2999775e7958ed55_s390x", "product_identification_helper": { "purl": "pkg:oci/eventrouter-rhel8@sha256:d5ae1f16eec322d9c9fb5604641cb038a831a0c7de331feb2999775e7958ed55?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.3.0-99" } } }, { "category": "product_version", "name": "openshift-logging/fluentd-rhel8@sha256:a1f3ef5cafecc311f1c206ea40fda0f53badc8a520d30ad4461a25a2177cc393_s390x", "product": { "name": "openshift-logging/fluentd-rhel8@sha256:a1f3ef5cafecc311f1c206ea40fda0f53badc8a520d30ad4461a25a2177cc393_s390x", "product_id": "openshift-logging/fluentd-rhel8@sha256:a1f3ef5cafecc311f1c206ea40fda0f53badc8a520d30ad4461a25a2177cc393_s390x", "product_identification_helper": { "purl": "pkg:oci/fluentd-rhel8@sha256:a1f3ef5cafecc311f1c206ea40fda0f53badc8a520d30ad4461a25a2177cc393?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.7.4-104" } } }, { "category": "product_version", "name": "openshift-logging/kibana6-rhel8@sha256:5ec68bc1aa764552cb1471a1844708747fced656c031b8c8428deecd3137eb3a_s390x", "product": { "name": "openshift-logging/kibana6-rhel8@sha256:5ec68bc1aa764552cb1471a1844708747fced656c031b8c8428deecd3137eb3a_s390x", "product_id": "openshift-logging/kibana6-rhel8@sha256:5ec68bc1aa764552cb1471a1844708747fced656c031b8c8428deecd3137eb3a_s390x", "product_identification_helper": { "purl": "pkg:oci/kibana6-rhel8@sha256:5ec68bc1aa764552cb1471a1844708747fced656c031b8c8428deecd3137eb3a?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-110" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:ec5a23b5aabdf0103bfe6a19abbf5ff8911b8d0b48b72167517506b53cd32e71_amd64", "product": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:ec5a23b5aabdf0103bfe6a19abbf5ff8911b8d0b48b72167517506b53cd32e71_amd64", "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:ec5a23b5aabdf0103bfe6a19abbf5ff8911b8d0b48b72167517506b53cd32e71_amd64", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:ec5a23b5aabdf0103bfe6a19abbf5ff8911b8d0b48b72167517506b53cd32e71?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.2.6-2" } } }, { "category": "product_version", "name": "openshift-logging/cluster-logging-operator-bundle@sha256:f4834508c179ac8ec28747587ea9a5c581e66b8a43dbc484e0b471ec44c5e7a8_amd64", "product": { "name": "openshift-logging/cluster-logging-operator-bundle@sha256:f4834508c179ac8ec28747587ea9a5c581e66b8a43dbc484e0b471ec44c5e7a8_amd64", "product_id": "openshift-logging/cluster-logging-operator-bundle@sha256:f4834508c179ac8ec28747587ea9a5c581e66b8a43dbc484e0b471ec44c5e7a8_amd64", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-operator-bundle@sha256:f4834508c179ac8ec28747587ea9a5c581e66b8a43dbc484e0b471ec44c5e7a8?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-operator-bundle\u0026tag=v5.2.6-6" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:2f7f3178fff00f6096e340392dfe2e005f7fa6553eae194cb765dd026432d010_amd64", "product": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:2f7f3178fff00f6096e340392dfe2e005f7fa6553eae194cb765dd026432d010_amd64", "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:2f7f3178fff00f6096e340392dfe2e005f7fa6553eae194cb765dd026432d010_amd64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:2f7f3178fff00f6096e340392dfe2e005f7fa6553eae194cb765dd026432d010?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.2.6-2" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-operator-bundle@sha256:e33d3f89fa14cef83be2bf1d15cf5bb1df57ffd9258902613a2a1309cbc11981_amd64", "product": { "name": "openshift-logging/elasticsearch-operator-bundle@sha256:e33d3f89fa14cef83be2bf1d15cf5bb1df57ffd9258902613a2a1309cbc11981_amd64", "product_id": "openshift-logging/elasticsearch-operator-bundle@sha256:e33d3f89fa14cef83be2bf1d15cf5bb1df57ffd9258902613a2a1309cbc11981_amd64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-operator-bundle@sha256:e33d3f89fa14cef83be2bf1d15cf5bb1df57ffd9258902613a2a1309cbc11981?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-operator-bundle\u0026tag=v5.2.6-6" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:bda4a51803d41c805074962d4207f0c56a4248d50d09bcd01017d55ea974166f_amd64", "product": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:bda4a51803d41c805074962d4207f0c56a4248d50d09bcd01017d55ea974166f_amd64", "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:bda4a51803d41c805074962d4207f0c56a4248d50d09bcd01017d55ea974166f_amd64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:bda4a51803d41c805074962d4207f0c56a4248d50d09bcd01017d55ea974166f?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-104" } } }, { "category": "product_version", "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:59abfdea0e2fbafa7355967f3dc43700b82907aeaea520a10a87d4a77adc5963_amd64", "product": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:59abfdea0e2fbafa7355967f3dc43700b82907aeaea520a10a87d4a77adc5963_amd64", "product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:59abfdea0e2fbafa7355967f3dc43700b82907aeaea520a10a87d4a77adc5963_amd64", "product_identification_helper": { "purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:59abfdea0e2fbafa7355967f3dc43700b82907aeaea520a10a87d4a77adc5963?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.0.0-71" } } }, { "category": "product_version", "name": "openshift-logging/logging-curator5-rhel8@sha256:3dbc18048c93b6281f14b3472ed538a20b12b7e6c0524d61afda291b5bf11541_amd64", "product": { "name": "openshift-logging/logging-curator5-rhel8@sha256:3dbc18048c93b6281f14b3472ed538a20b12b7e6c0524d61afda291b5bf11541_amd64", "product_id": "openshift-logging/logging-curator5-rhel8@sha256:3dbc18048c93b6281f14b3472ed538a20b12b7e6c0524d61afda291b5bf11541_amd64", "product_identification_helper": { "purl": "pkg:oci/logging-curator5-rhel8@sha256:3dbc18048c93b6281f14b3472ed538a20b12b7e6c0524d61afda291b5bf11541?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-73" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch6-rhel8@sha256:d78003468c5d530a8dddd9841ecd23921b6987187ef09a0b97eeda0e7e914c94_amd64", "product": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:d78003468c5d530a8dddd9841ecd23921b6987187ef09a0b97eeda0e7e914c94_amd64", "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:d78003468c5d530a8dddd9841ecd23921b6987187ef09a0b97eeda0e7e914c94_amd64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch6-rhel8@sha256:d78003468c5d530a8dddd9841ecd23921b6987187ef09a0b97eeda0e7e914c94?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-100" } } }, { "category": "product_version", "name": "openshift-logging/eventrouter-rhel8@sha256:a0a4983317c397185b3c3dfda4f3399cad0b53daebe68a553991558fed8657cd_amd64", "product": { "name": "openshift-logging/eventrouter-rhel8@sha256:a0a4983317c397185b3c3dfda4f3399cad0b53daebe68a553991558fed8657cd_amd64", "product_id": "openshift-logging/eventrouter-rhel8@sha256:a0a4983317c397185b3c3dfda4f3399cad0b53daebe68a553991558fed8657cd_amd64", "product_identification_helper": { "purl": "pkg:oci/eventrouter-rhel8@sha256:a0a4983317c397185b3c3dfda4f3399cad0b53daebe68a553991558fed8657cd?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.3.0-99" } } }, { "category": "product_version", "name": "openshift-logging/fluentd-rhel8@sha256:2ce16348308819fb21fa98c69ca56eb70b62cf36fb1c233d1928764b393dd3f0_amd64", "product": { "name": "openshift-logging/fluentd-rhel8@sha256:2ce16348308819fb21fa98c69ca56eb70b62cf36fb1c233d1928764b393dd3f0_amd64", "product_id": "openshift-logging/fluentd-rhel8@sha256:2ce16348308819fb21fa98c69ca56eb70b62cf36fb1c233d1928764b393dd3f0_amd64", "product_identification_helper": { "purl": "pkg:oci/fluentd-rhel8@sha256:2ce16348308819fb21fa98c69ca56eb70b62cf36fb1c233d1928764b393dd3f0?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.7.4-104" } } }, { "category": "product_version", "name": "openshift-logging/kibana6-rhel8@sha256:8da444779bc4d8fefb85fe2a373d4f4280db9c41198e321e74b6cab05aed6922_amd64", "product": { "name": "openshift-logging/kibana6-rhel8@sha256:8da444779bc4d8fefb85fe2a373d4f4280db9c41198e321e74b6cab05aed6922_amd64", "product_id": "openshift-logging/kibana6-rhel8@sha256:8da444779bc4d8fefb85fe2a373d4f4280db9c41198e321e74b6cab05aed6922_amd64", "product_identification_helper": { "purl": "pkg:oci/kibana6-rhel8@sha256:8da444779bc4d8fefb85fe2a373d4f4280db9c41198e321e74b6cab05aed6922?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-110" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:34c1103c3d1fa2f4edc3629c5708ec29828627101eb57dd7256a91d247f30fde_ppc64le", "product": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:34c1103c3d1fa2f4edc3629c5708ec29828627101eb57dd7256a91d247f30fde_ppc64le", "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:34c1103c3d1fa2f4edc3629c5708ec29828627101eb57dd7256a91d247f30fde_ppc64le", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:34c1103c3d1fa2f4edc3629c5708ec29828627101eb57dd7256a91d247f30fde?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.2.6-2" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:48b2b1685ae38774ec04f860f11a246838f8925be0b5adc0ec60bbde57419fb1_ppc64le", "product": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:48b2b1685ae38774ec04f860f11a246838f8925be0b5adc0ec60bbde57419fb1_ppc64le", "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:48b2b1685ae38774ec04f860f11a246838f8925be0b5adc0ec60bbde57419fb1_ppc64le", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:48b2b1685ae38774ec04f860f11a246838f8925be0b5adc0ec60bbde57419fb1?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.2.6-2" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:26e82e33639172e754d954c2de492f7ec0bff4760c7284fe85231d74e83da3cc_ppc64le", "product": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:26e82e33639172e754d954c2de492f7ec0bff4760c7284fe85231d74e83da3cc_ppc64le", "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:26e82e33639172e754d954c2de492f7ec0bff4760c7284fe85231d74e83da3cc_ppc64le", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:26e82e33639172e754d954c2de492f7ec0bff4760c7284fe85231d74e83da3cc?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-104" } } }, { "category": "product_version", "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:c347e82a481d60f52e5fc9cfd0634dd69e82db309de5e1eedf12832461f2e399_ppc64le", "product": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:c347e82a481d60f52e5fc9cfd0634dd69e82db309de5e1eedf12832461f2e399_ppc64le", "product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:c347e82a481d60f52e5fc9cfd0634dd69e82db309de5e1eedf12832461f2e399_ppc64le", "product_identification_helper": { "purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:c347e82a481d60f52e5fc9cfd0634dd69e82db309de5e1eedf12832461f2e399?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.0.0-71" } } }, { "category": "product_version", "name": "openshift-logging/logging-curator5-rhel8@sha256:c93eef1216995a01b8a76d547798b4a327d8fd2be746c40cf4e3b6cc84cea56c_ppc64le", "product": { "name": "openshift-logging/logging-curator5-rhel8@sha256:c93eef1216995a01b8a76d547798b4a327d8fd2be746c40cf4e3b6cc84cea56c_ppc64le", "product_id": "openshift-logging/logging-curator5-rhel8@sha256:c93eef1216995a01b8a76d547798b4a327d8fd2be746c40cf4e3b6cc84cea56c_ppc64le", "product_identification_helper": { "purl": "pkg:oci/logging-curator5-rhel8@sha256:c93eef1216995a01b8a76d547798b4a327d8fd2be746c40cf4e3b6cc84cea56c?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-73" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch6-rhel8@sha256:42925c7c419dd52bf611e6860b3c989ba396f9e5f1d9a459f5db6b958f932552_ppc64le", "product": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:42925c7c419dd52bf611e6860b3c989ba396f9e5f1d9a459f5db6b958f932552_ppc64le", "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:42925c7c419dd52bf611e6860b3c989ba396f9e5f1d9a459f5db6b958f932552_ppc64le", "product_identification_helper": { "purl": "pkg:oci/elasticsearch6-rhel8@sha256:42925c7c419dd52bf611e6860b3c989ba396f9e5f1d9a459f5db6b958f932552?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-100" } } }, { "category": "product_version", "name": "openshift-logging/eventrouter-rhel8@sha256:5bfaebca00db5b6ae5acb4a929be36f40704ac5a64806a13561c05b2409ed264_ppc64le", "product": { "name": "openshift-logging/eventrouter-rhel8@sha256:5bfaebca00db5b6ae5acb4a929be36f40704ac5a64806a13561c05b2409ed264_ppc64le", "product_id": "openshift-logging/eventrouter-rhel8@sha256:5bfaebca00db5b6ae5acb4a929be36f40704ac5a64806a13561c05b2409ed264_ppc64le", "product_identification_helper": { "purl": "pkg:oci/eventrouter-rhel8@sha256:5bfaebca00db5b6ae5acb4a929be36f40704ac5a64806a13561c05b2409ed264?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.3.0-99" } } }, { "category": "product_version", "name": "openshift-logging/fluentd-rhel8@sha256:ac04d56e69fa742413b95177b2298502b8f9108be6bceb96b8ea4f9afbed5f74_ppc64le", "product": { "name": "openshift-logging/fluentd-rhel8@sha256:ac04d56e69fa742413b95177b2298502b8f9108be6bceb96b8ea4f9afbed5f74_ppc64le", "product_id": "openshift-logging/fluentd-rhel8@sha256:ac04d56e69fa742413b95177b2298502b8f9108be6bceb96b8ea4f9afbed5f74_ppc64le", "product_identification_helper": { "purl": "pkg:oci/fluentd-rhel8@sha256:ac04d56e69fa742413b95177b2298502b8f9108be6bceb96b8ea4f9afbed5f74?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.7.4-104" } } }, { "category": "product_version", "name": "openshift-logging/kibana6-rhel8@sha256:e29a5cc022aa302459cff0ba435c24164ea5578d4f1468ab6bdfea0011220406_ppc64le", "product": { "name": "openshift-logging/kibana6-rhel8@sha256:e29a5cc022aa302459cff0ba435c24164ea5578d4f1468ab6bdfea0011220406_ppc64le", "product_id": "openshift-logging/kibana6-rhel8@sha256:e29a5cc022aa302459cff0ba435c24164ea5578d4f1468ab6bdfea0011220406_ppc64le", "product_identification_helper": { "purl": "pkg:oci/kibana6-rhel8@sha256:e29a5cc022aa302459cff0ba435c24164ea5578d4f1468ab6bdfea0011220406?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-110" } } } ], "category": "architecture", "name": "ppc64le" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-operator-bundle@sha256:f4834508c179ac8ec28747587ea9a5c581e66b8a43dbc484e0b471ec44c5e7a8_amd64 as a component of OpenShift Logging 5.2", "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:f4834508c179ac8ec28747587ea9a5c581e66b8a43dbc484e0b471ec44c5e7a8_amd64" }, "product_reference": "openshift-logging/cluster-logging-operator-bundle@sha256:f4834508c179ac8ec28747587ea9a5c581e66b8a43dbc484e0b471ec44c5e7a8_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:34c1103c3d1fa2f4edc3629c5708ec29828627101eb57dd7256a91d247f30fde_ppc64le as a component of OpenShift Logging 5.2", "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:34c1103c3d1fa2f4edc3629c5708ec29828627101eb57dd7256a91d247f30fde_ppc64le" }, "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:34c1103c3d1fa2f4edc3629c5708ec29828627101eb57dd7256a91d247f30fde_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:3fa8f9590e009139c5d3c7f104d3bfee279e6a4a648b9f76defad60fa0a32954_s390x as a component of OpenShift Logging 5.2", "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa8f9590e009139c5d3c7f104d3bfee279e6a4a648b9f76defad60fa0a32954_s390x" }, "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:3fa8f9590e009139c5d3c7f104d3bfee279e6a4a648b9f76defad60fa0a32954_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:ec5a23b5aabdf0103bfe6a19abbf5ff8911b8d0b48b72167517506b53cd32e71_amd64 as a component of OpenShift Logging 5.2", "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:ec5a23b5aabdf0103bfe6a19abbf5ff8911b8d0b48b72167517506b53cd32e71_amd64" }, "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:ec5a23b5aabdf0103bfe6a19abbf5ff8911b8d0b48b72167517506b53cd32e71_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-operator-bundle@sha256:e33d3f89fa14cef83be2bf1d15cf5bb1df57ffd9258902613a2a1309cbc11981_amd64 as a component of OpenShift Logging 5.2", "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:e33d3f89fa14cef83be2bf1d15cf5bb1df57ffd9258902613a2a1309cbc11981_amd64" }, "product_reference": "openshift-logging/elasticsearch-operator-bundle@sha256:e33d3f89fa14cef83be2bf1d15cf5bb1df57ffd9258902613a2a1309cbc11981_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:1738c1f613bc80f825795bba194000dd354e15aa05e881ef103e63ce4c905ac8_s390x as a component of OpenShift Logging 5.2", "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:1738c1f613bc80f825795bba194000dd354e15aa05e881ef103e63ce4c905ac8_s390x" }, "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:1738c1f613bc80f825795bba194000dd354e15aa05e881ef103e63ce4c905ac8_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:26e82e33639172e754d954c2de492f7ec0bff4760c7284fe85231d74e83da3cc_ppc64le as a component of OpenShift Logging 5.2", "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:26e82e33639172e754d954c2de492f7ec0bff4760c7284fe85231d74e83da3cc_ppc64le" }, "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:26e82e33639172e754d954c2de492f7ec0bff4760c7284fe85231d74e83da3cc_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:bda4a51803d41c805074962d4207f0c56a4248d50d09bcd01017d55ea974166f_amd64 as a component of OpenShift Logging 5.2", "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:bda4a51803d41c805074962d4207f0c56a4248d50d09bcd01017d55ea974166f_amd64" }, "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:bda4a51803d41c805074962d4207f0c56a4248d50d09bcd01017d55ea974166f_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:2f7f3178fff00f6096e340392dfe2e005f7fa6553eae194cb765dd026432d010_amd64 as a component of OpenShift Logging 5.2", "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:2f7f3178fff00f6096e340392dfe2e005f7fa6553eae194cb765dd026432d010_amd64" }, "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:2f7f3178fff00f6096e340392dfe2e005f7fa6553eae194cb765dd026432d010_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:48b2b1685ae38774ec04f860f11a246838f8925be0b5adc0ec60bbde57419fb1_ppc64le as a component of OpenShift Logging 5.2", "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:48b2b1685ae38774ec04f860f11a246838f8925be0b5adc0ec60bbde57419fb1_ppc64le" }, "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:48b2b1685ae38774ec04f860f11a246838f8925be0b5adc0ec60bbde57419fb1_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:c4029eab5cf3ef8e00f774a04b786003e31073c85a585f50689009110d2a5f76_s390x as a component of OpenShift Logging 5.2", "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:c4029eab5cf3ef8e00f774a04b786003e31073c85a585f50689009110d2a5f76_s390x" }, "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:c4029eab5cf3ef8e00f774a04b786003e31073c85a585f50689009110d2a5f76_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:42925c7c419dd52bf611e6860b3c989ba396f9e5f1d9a459f5db6b958f932552_ppc64le as a component of OpenShift Logging 5.2", "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:42925c7c419dd52bf611e6860b3c989ba396f9e5f1d9a459f5db6b958f932552_ppc64le" }, "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:42925c7c419dd52bf611e6860b3c989ba396f9e5f1d9a459f5db6b958f932552_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:be1dd8dfaf204fa739a202ac7ddfcf3ed4441c97d05fa914cbbff34d5467bd76_s390x as a component of OpenShift Logging 5.2", "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:be1dd8dfaf204fa739a202ac7ddfcf3ed4441c97d05fa914cbbff34d5467bd76_s390x" }, "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:be1dd8dfaf204fa739a202ac7ddfcf3ed4441c97d05fa914cbbff34d5467bd76_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:d78003468c5d530a8dddd9841ecd23921b6987187ef09a0b97eeda0e7e914c94_amd64 as a component of OpenShift Logging 5.2", "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:d78003468c5d530a8dddd9841ecd23921b6987187ef09a0b97eeda0e7e914c94_amd64" }, "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:d78003468c5d530a8dddd9841ecd23921b6987187ef09a0b97eeda0e7e914c94_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/eventrouter-rhel8@sha256:5bfaebca00db5b6ae5acb4a929be36f40704ac5a64806a13561c05b2409ed264_ppc64le as a component of OpenShift Logging 5.2", "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:5bfaebca00db5b6ae5acb4a929be36f40704ac5a64806a13561c05b2409ed264_ppc64le" }, "product_reference": "openshift-logging/eventrouter-rhel8@sha256:5bfaebca00db5b6ae5acb4a929be36f40704ac5a64806a13561c05b2409ed264_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/eventrouter-rhel8@sha256:a0a4983317c397185b3c3dfda4f3399cad0b53daebe68a553991558fed8657cd_amd64 as a component of OpenShift Logging 5.2", "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:a0a4983317c397185b3c3dfda4f3399cad0b53daebe68a553991558fed8657cd_amd64" }, "product_reference": "openshift-logging/eventrouter-rhel8@sha256:a0a4983317c397185b3c3dfda4f3399cad0b53daebe68a553991558fed8657cd_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/eventrouter-rhel8@sha256:d5ae1f16eec322d9c9fb5604641cb038a831a0c7de331feb2999775e7958ed55_s390x as a component of OpenShift Logging 5.2", "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:d5ae1f16eec322d9c9fb5604641cb038a831a0c7de331feb2999775e7958ed55_s390x" }, "product_reference": "openshift-logging/eventrouter-rhel8@sha256:d5ae1f16eec322d9c9fb5604641cb038a831a0c7de331feb2999775e7958ed55_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/fluentd-rhel8@sha256:2ce16348308819fb21fa98c69ca56eb70b62cf36fb1c233d1928764b393dd3f0_amd64 as a component of OpenShift Logging 5.2", "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:2ce16348308819fb21fa98c69ca56eb70b62cf36fb1c233d1928764b393dd3f0_amd64" }, "product_reference": "openshift-logging/fluentd-rhel8@sha256:2ce16348308819fb21fa98c69ca56eb70b62cf36fb1c233d1928764b393dd3f0_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/fluentd-rhel8@sha256:a1f3ef5cafecc311f1c206ea40fda0f53badc8a520d30ad4461a25a2177cc393_s390x as a component of OpenShift Logging 5.2", "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:a1f3ef5cafecc311f1c206ea40fda0f53badc8a520d30ad4461a25a2177cc393_s390x" }, "product_reference": "openshift-logging/fluentd-rhel8@sha256:a1f3ef5cafecc311f1c206ea40fda0f53badc8a520d30ad4461a25a2177cc393_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/fluentd-rhel8@sha256:ac04d56e69fa742413b95177b2298502b8f9108be6bceb96b8ea4f9afbed5f74_ppc64le as a component of OpenShift Logging 5.2", "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:ac04d56e69fa742413b95177b2298502b8f9108be6bceb96b8ea4f9afbed5f74_ppc64le" }, "product_reference": "openshift-logging/fluentd-rhel8@sha256:ac04d56e69fa742413b95177b2298502b8f9108be6bceb96b8ea4f9afbed5f74_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/kibana6-rhel8@sha256:5ec68bc1aa764552cb1471a1844708747fced656c031b8c8428deecd3137eb3a_s390x as a component of OpenShift Logging 5.2", "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:5ec68bc1aa764552cb1471a1844708747fced656c031b8c8428deecd3137eb3a_s390x" }, "product_reference": "openshift-logging/kibana6-rhel8@sha256:5ec68bc1aa764552cb1471a1844708747fced656c031b8c8428deecd3137eb3a_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/kibana6-rhel8@sha256:8da444779bc4d8fefb85fe2a373d4f4280db9c41198e321e74b6cab05aed6922_amd64 as a component of OpenShift Logging 5.2", "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:8da444779bc4d8fefb85fe2a373d4f4280db9c41198e321e74b6cab05aed6922_amd64" }, "product_reference": "openshift-logging/kibana6-rhel8@sha256:8da444779bc4d8fefb85fe2a373d4f4280db9c41198e321e74b6cab05aed6922_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/kibana6-rhel8@sha256:e29a5cc022aa302459cff0ba435c24164ea5578d4f1468ab6bdfea0011220406_ppc64le as a component of OpenShift Logging 5.2", "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:e29a5cc022aa302459cff0ba435c24164ea5578d4f1468ab6bdfea0011220406_ppc64le" }, "product_reference": "openshift-logging/kibana6-rhel8@sha256:e29a5cc022aa302459cff0ba435c24164ea5578d4f1468ab6bdfea0011220406_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:59abfdea0e2fbafa7355967f3dc43700b82907aeaea520a10a87d4a77adc5963_amd64 as a component of OpenShift Logging 5.2", "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:59abfdea0e2fbafa7355967f3dc43700b82907aeaea520a10a87d4a77adc5963_amd64" }, "product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:59abfdea0e2fbafa7355967f3dc43700b82907aeaea520a10a87d4a77adc5963_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:c347e82a481d60f52e5fc9cfd0634dd69e82db309de5e1eedf12832461f2e399_ppc64le as a component of OpenShift Logging 5.2", "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:c347e82a481d60f52e5fc9cfd0634dd69e82db309de5e1eedf12832461f2e399_ppc64le" }, "product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:c347e82a481d60f52e5fc9cfd0634dd69e82db309de5e1eedf12832461f2e399_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:c442371d189720167dd3de9deaab587dad8ab810977040da26f3457cfd6eb10e_s390x as a component of OpenShift Logging 5.2", "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:c442371d189720167dd3de9deaab587dad8ab810977040da26f3457cfd6eb10e_s390x" }, "product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:c442371d189720167dd3de9deaab587dad8ab810977040da26f3457cfd6eb10e_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-curator5-rhel8@sha256:3dbc18048c93b6281f14b3472ed538a20b12b7e6c0524d61afda291b5bf11541_amd64 as a component of OpenShift Logging 5.2", "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:3dbc18048c93b6281f14b3472ed538a20b12b7e6c0524d61afda291b5bf11541_amd64" }, "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:3dbc18048c93b6281f14b3472ed538a20b12b7e6c0524d61afda291b5bf11541_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-curator5-rhel8@sha256:640ff6c8d8c3c16ba43f87f4d323e93d7d8cdae1df44d7220c79083e8284ebd6_s390x as a component of OpenShift Logging 5.2", "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:640ff6c8d8c3c16ba43f87f4d323e93d7d8cdae1df44d7220c79083e8284ebd6_s390x" }, "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:640ff6c8d8c3c16ba43f87f4d323e93d7d8cdae1df44d7220c79083e8284ebd6_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-curator5-rhel8@sha256:c93eef1216995a01b8a76d547798b4a327d8fd2be746c40cf4e3b6cc84cea56c_ppc64le as a component of OpenShift Logging 5.2", "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:c93eef1216995a01b8a76d547798b4a327d8fd2be746c40cf4e3b6cc84cea56c_ppc64le" }, "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:c93eef1216995a01b8a76d547798b4a327d8fd2be746c40cf4e3b6cc84cea56c_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.2" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-27292", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-03-17T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:f4834508c179ac8ec28747587ea9a5c581e66b8a43dbc484e0b471ec44c5e7a8_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:34c1103c3d1fa2f4edc3629c5708ec29828627101eb57dd7256a91d247f30fde_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa8f9590e009139c5d3c7f104d3bfee279e6a4a648b9f76defad60fa0a32954_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:ec5a23b5aabdf0103bfe6a19abbf5ff8911b8d0b48b72167517506b53cd32e71_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:e33d3f89fa14cef83be2bf1d15cf5bb1df57ffd9258902613a2a1309cbc11981_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:1738c1f613bc80f825795bba194000dd354e15aa05e881ef103e63ce4c905ac8_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:26e82e33639172e754d954c2de492f7ec0bff4760c7284fe85231d74e83da3cc_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:bda4a51803d41c805074962d4207f0c56a4248d50d09bcd01017d55ea974166f_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:2f7f3178fff00f6096e340392dfe2e005f7fa6553eae194cb765dd026432d010_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:48b2b1685ae38774ec04f860f11a246838f8925be0b5adc0ec60bbde57419fb1_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:c4029eab5cf3ef8e00f774a04b786003e31073c85a585f50689009110d2a5f76_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:42925c7c419dd52bf611e6860b3c989ba396f9e5f1d9a459f5db6b958f932552_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:be1dd8dfaf204fa739a202ac7ddfcf3ed4441c97d05fa914cbbff34d5467bd76_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:d78003468c5d530a8dddd9841ecd23921b6987187ef09a0b97eeda0e7e914c94_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:5bfaebca00db5b6ae5acb4a929be36f40704ac5a64806a13561c05b2409ed264_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:a0a4983317c397185b3c3dfda4f3399cad0b53daebe68a553991558fed8657cd_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:d5ae1f16eec322d9c9fb5604641cb038a831a0c7de331feb2999775e7958ed55_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:2ce16348308819fb21fa98c69ca56eb70b62cf36fb1c233d1928764b393dd3f0_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:a1f3ef5cafecc311f1c206ea40fda0f53badc8a520d30ad4461a25a2177cc393_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:ac04d56e69fa742413b95177b2298502b8f9108be6bceb96b8ea4f9afbed5f74_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:59abfdea0e2fbafa7355967f3dc43700b82907aeaea520a10a87d4a77adc5963_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:c347e82a481d60f52e5fc9cfd0634dd69e82db309de5e1eedf12832461f2e399_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:c442371d189720167dd3de9deaab587dad8ab810977040da26f3457cfd6eb10e_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:3dbc18048c93b6281f14b3472ed538a20b12b7e6c0524d61afda291b5bf11541_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:640ff6c8d8c3c16ba43f87f4d323e93d7d8cdae1df44d7220c79083e8284ebd6_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:c93eef1216995a01b8a76d547798b4a327d8fd2be746c40cf4e3b6cc84cea56c_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1940613" } ], "notes": [ { "category": "description", "text": "A regular expression denial of service (ReDoS) vulnerability was found in the npm library `ua-parser-js`. If a supplied user agent matches the `Noble` string and contains many spaces then the regex will conduct backtracking, taking an ever increasing amount of time depending on the number of spaces supplied. An attacker can use this vulnerability to potentially craft a malicious user agent resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-ua-parser-js: ReDoS via malicious User-Agent header", "title": "Vulnerability summary" }, { "category": "other", "text": "While some components do package a vulnerable version of ua-parser-js, access to them requires OpenShift OAuth credentials and hence have been marked with a Low impact. This applies to the following products:\n - OpenShift Container Platform (OCP)\n - OpenShift ServiceMesh (OSSM) \n - Red Hat OpenShift Jaeger (RHOSJ)\n - Red Hat OpenShift Logging\n\nThe OCP presto-container does ship the vulnerable component, however since OCP 4.6 the Metering product has been deprecated [1], set as wont-fix and may be fixed in a future release.\n\nRed Hat Advanced Cluster Management for Kubernetes (RHACM) ships graphql-tools that pulls 0.7.23 version of ua-parser-js that uses the affected code.\n\n[1] - https://access.redhat.com/solutions/5707561", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:5ec68bc1aa764552cb1471a1844708747fced656c031b8c8428deecd3137eb3a_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:8da444779bc4d8fefb85fe2a373d4f4280db9c41198e321e74b6cab05aed6922_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:e29a5cc022aa302459cff0ba435c24164ea5578d4f1468ab6bdfea0011220406_ppc64le" ], "known_not_affected": [ "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:f4834508c179ac8ec28747587ea9a5c581e66b8a43dbc484e0b471ec44c5e7a8_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:34c1103c3d1fa2f4edc3629c5708ec29828627101eb57dd7256a91d247f30fde_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa8f9590e009139c5d3c7f104d3bfee279e6a4a648b9f76defad60fa0a32954_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:ec5a23b5aabdf0103bfe6a19abbf5ff8911b8d0b48b72167517506b53cd32e71_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:e33d3f89fa14cef83be2bf1d15cf5bb1df57ffd9258902613a2a1309cbc11981_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:1738c1f613bc80f825795bba194000dd354e15aa05e881ef103e63ce4c905ac8_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:26e82e33639172e754d954c2de492f7ec0bff4760c7284fe85231d74e83da3cc_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:bda4a51803d41c805074962d4207f0c56a4248d50d09bcd01017d55ea974166f_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:2f7f3178fff00f6096e340392dfe2e005f7fa6553eae194cb765dd026432d010_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:48b2b1685ae38774ec04f860f11a246838f8925be0b5adc0ec60bbde57419fb1_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:c4029eab5cf3ef8e00f774a04b786003e31073c85a585f50689009110d2a5f76_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:42925c7c419dd52bf611e6860b3c989ba396f9e5f1d9a459f5db6b958f932552_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:be1dd8dfaf204fa739a202ac7ddfcf3ed4441c97d05fa914cbbff34d5467bd76_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:d78003468c5d530a8dddd9841ecd23921b6987187ef09a0b97eeda0e7e914c94_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:5bfaebca00db5b6ae5acb4a929be36f40704ac5a64806a13561c05b2409ed264_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:a0a4983317c397185b3c3dfda4f3399cad0b53daebe68a553991558fed8657cd_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:d5ae1f16eec322d9c9fb5604641cb038a831a0c7de331feb2999775e7958ed55_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:2ce16348308819fb21fa98c69ca56eb70b62cf36fb1c233d1928764b393dd3f0_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:a1f3ef5cafecc311f1c206ea40fda0f53badc8a520d30ad4461a25a2177cc393_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:ac04d56e69fa742413b95177b2298502b8f9108be6bceb96b8ea4f9afbed5f74_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:59abfdea0e2fbafa7355967f3dc43700b82907aeaea520a10a87d4a77adc5963_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:c347e82a481d60f52e5fc9cfd0634dd69e82db309de5e1eedf12832461f2e399_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:c442371d189720167dd3de9deaab587dad8ab810977040da26f3457cfd6eb10e_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:3dbc18048c93b6281f14b3472ed538a20b12b7e6c0524d61afda291b5bf11541_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:640ff6c8d8c3c16ba43f87f4d323e93d7d8cdae1df44d7220c79083e8284ebd6_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:c93eef1216995a01b8a76d547798b4a327d8fd2be746c40cf4e3b6cc84cea56c_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-27292" }, { "category": "external", "summary": "RHBZ#1940613", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1940613" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-27292", "url": "https://www.cve.org/CVERecord?id=CVE-2021-27292" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-27292", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27292" }, { "category": "external", "summary": "https://gist.github.com/b-c-ds/6941d80d6b4e694df4bc269493b7be76", "url": "https://gist.github.com/b-c-ds/6941d80d6b4e694df4bc269493b7be76" } ], "release_date": "2021-02-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-01-21T19:04:46+00:00", "details": "For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nFor Red Hat OpenShift Logging 5.2, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html", "product_ids": [ "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:5ec68bc1aa764552cb1471a1844708747fced656c031b8c8428deecd3137eb3a_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:8da444779bc4d8fefb85fe2a373d4f4280db9c41198e321e74b6cab05aed6922_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:e29a5cc022aa302459cff0ba435c24164ea5578d4f1468ab6bdfea0011220406_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0230" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:5ec68bc1aa764552cb1471a1844708747fced656c031b8c8428deecd3137eb3a_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:8da444779bc4d8fefb85fe2a373d4f4280db9c41198e321e74b6cab05aed6922_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:e29a5cc022aa302459cff0ba435c24164ea5578d4f1468ab6bdfea0011220406_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "nodejs-ua-parser-js: ReDoS via malicious User-Agent header" }, { "cve": "CVE-2021-44832", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-12-28T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:f4834508c179ac8ec28747587ea9a5c581e66b8a43dbc484e0b471ec44c5e7a8_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:34c1103c3d1fa2f4edc3629c5708ec29828627101eb57dd7256a91d247f30fde_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa8f9590e009139c5d3c7f104d3bfee279e6a4a648b9f76defad60fa0a32954_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:ec5a23b5aabdf0103bfe6a19abbf5ff8911b8d0b48b72167517506b53cd32e71_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:e33d3f89fa14cef83be2bf1d15cf5bb1df57ffd9258902613a2a1309cbc11981_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:1738c1f613bc80f825795bba194000dd354e15aa05e881ef103e63ce4c905ac8_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:26e82e33639172e754d954c2de492f7ec0bff4760c7284fe85231d74e83da3cc_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:bda4a51803d41c805074962d4207f0c56a4248d50d09bcd01017d55ea974166f_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:2f7f3178fff00f6096e340392dfe2e005f7fa6553eae194cb765dd026432d010_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:48b2b1685ae38774ec04f860f11a246838f8925be0b5adc0ec60bbde57419fb1_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:c4029eab5cf3ef8e00f774a04b786003e31073c85a585f50689009110d2a5f76_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:5bfaebca00db5b6ae5acb4a929be36f40704ac5a64806a13561c05b2409ed264_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:a0a4983317c397185b3c3dfda4f3399cad0b53daebe68a553991558fed8657cd_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:d5ae1f16eec322d9c9fb5604641cb038a831a0c7de331feb2999775e7958ed55_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:2ce16348308819fb21fa98c69ca56eb70b62cf36fb1c233d1928764b393dd3f0_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:a1f3ef5cafecc311f1c206ea40fda0f53badc8a520d30ad4461a25a2177cc393_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:ac04d56e69fa742413b95177b2298502b8f9108be6bceb96b8ea4f9afbed5f74_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:5ec68bc1aa764552cb1471a1844708747fced656c031b8c8428deecd3137eb3a_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:8da444779bc4d8fefb85fe2a373d4f4280db9c41198e321e74b6cab05aed6922_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:e29a5cc022aa302459cff0ba435c24164ea5578d4f1468ab6bdfea0011220406_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:59abfdea0e2fbafa7355967f3dc43700b82907aeaea520a10a87d4a77adc5963_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:c347e82a481d60f52e5fc9cfd0634dd69e82db309de5e1eedf12832461f2e399_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:c442371d189720167dd3de9deaab587dad8ab810977040da26f3457cfd6eb10e_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:3dbc18048c93b6281f14b3472ed538a20b12b7e6c0524d61afda291b5bf11541_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:640ff6c8d8c3c16ba43f87f4d323e93d7d8cdae1df44d7220c79083e8284ebd6_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:c93eef1216995a01b8a76d547798b4a327d8fd2be746c40cf4e3b6cc84cea56c_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2035951" } ], "notes": [ { "category": "description", "text": "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j-core: remote code execution via JDBC Appender", "title": "Vulnerability summary" }, { "category": "other", "text": "Log4j 1.x is not impacted by this vulnerability. Therefore versions of log4j shipped with Red Hat Enterprise Linux are NOT affected by this flaw.\n\nFor Elasticsearch, as shipped in OpenShift Container Platform and OpenShift Logging, access to the log4j2.properties configuration is limited only to the cluster administrators and exploitation requires cluster logging changes, what reduced the impact of this vulnerability significantly [0].\n\n[0] https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476#update-jan-6-5", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:42925c7c419dd52bf611e6860b3c989ba396f9e5f1d9a459f5db6b958f932552_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:be1dd8dfaf204fa739a202ac7ddfcf3ed4441c97d05fa914cbbff34d5467bd76_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:d78003468c5d530a8dddd9841ecd23921b6987187ef09a0b97eeda0e7e914c94_amd64" ], "known_not_affected": [ "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:f4834508c179ac8ec28747587ea9a5c581e66b8a43dbc484e0b471ec44c5e7a8_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:34c1103c3d1fa2f4edc3629c5708ec29828627101eb57dd7256a91d247f30fde_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa8f9590e009139c5d3c7f104d3bfee279e6a4a648b9f76defad60fa0a32954_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:ec5a23b5aabdf0103bfe6a19abbf5ff8911b8d0b48b72167517506b53cd32e71_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:e33d3f89fa14cef83be2bf1d15cf5bb1df57ffd9258902613a2a1309cbc11981_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:1738c1f613bc80f825795bba194000dd354e15aa05e881ef103e63ce4c905ac8_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:26e82e33639172e754d954c2de492f7ec0bff4760c7284fe85231d74e83da3cc_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:bda4a51803d41c805074962d4207f0c56a4248d50d09bcd01017d55ea974166f_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:2f7f3178fff00f6096e340392dfe2e005f7fa6553eae194cb765dd026432d010_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:48b2b1685ae38774ec04f860f11a246838f8925be0b5adc0ec60bbde57419fb1_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:c4029eab5cf3ef8e00f774a04b786003e31073c85a585f50689009110d2a5f76_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:5bfaebca00db5b6ae5acb4a929be36f40704ac5a64806a13561c05b2409ed264_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:a0a4983317c397185b3c3dfda4f3399cad0b53daebe68a553991558fed8657cd_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:d5ae1f16eec322d9c9fb5604641cb038a831a0c7de331feb2999775e7958ed55_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:2ce16348308819fb21fa98c69ca56eb70b62cf36fb1c233d1928764b393dd3f0_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:a1f3ef5cafecc311f1c206ea40fda0f53badc8a520d30ad4461a25a2177cc393_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:ac04d56e69fa742413b95177b2298502b8f9108be6bceb96b8ea4f9afbed5f74_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:5ec68bc1aa764552cb1471a1844708747fced656c031b8c8428deecd3137eb3a_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:8da444779bc4d8fefb85fe2a373d4f4280db9c41198e321e74b6cab05aed6922_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:e29a5cc022aa302459cff0ba435c24164ea5578d4f1468ab6bdfea0011220406_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:59abfdea0e2fbafa7355967f3dc43700b82907aeaea520a10a87d4a77adc5963_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:c347e82a481d60f52e5fc9cfd0634dd69e82db309de5e1eedf12832461f2e399_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:c442371d189720167dd3de9deaab587dad8ab810977040da26f3457cfd6eb10e_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:3dbc18048c93b6281f14b3472ed538a20b12b7e6c0524d61afda291b5bf11541_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:640ff6c8d8c3c16ba43f87f4d323e93d7d8cdae1df44d7220c79083e8284ebd6_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:c93eef1216995a01b8a76d547798b4a327d8fd2be746c40cf4e3b6cc84cea56c_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44832" }, { "category": "external", "summary": "RHBZ#2035951", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035951" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44832", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44832" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44832", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44832" }, { "category": "external", "summary": "https://issues.apache.org/jira/browse/LOG4J2-3293", "url": "https://issues.apache.org/jira/browse/LOG4J2-3293" } ], "release_date": "2021-12-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-01-21T19:04:46+00:00", "details": "For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nFor Red Hat OpenShift Logging 5.2, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html", "product_ids": [ "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:42925c7c419dd52bf611e6860b3c989ba396f9e5f1d9a459f5db6b958f932552_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:be1dd8dfaf204fa739a202ac7ddfcf3ed4441c97d05fa914cbbff34d5467bd76_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:d78003468c5d530a8dddd9841ecd23921b6987187ef09a0b97eeda0e7e914c94_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0230" }, { "category": "workaround", "details": "As per upstream:\n- In prior releases confirm that if the JDBC Appender is being used it is not configured to use any protocol other than Java.\n- Note that only the log4j-core JAR file is impacted by this vulnerability. Applications using only the log4j-api JAR file without the log4j-core JAR file are not impacted by this vulnerability.", "product_ids": [ "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:f4834508c179ac8ec28747587ea9a5c581e66b8a43dbc484e0b471ec44c5e7a8_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:34c1103c3d1fa2f4edc3629c5708ec29828627101eb57dd7256a91d247f30fde_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa8f9590e009139c5d3c7f104d3bfee279e6a4a648b9f76defad60fa0a32954_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:ec5a23b5aabdf0103bfe6a19abbf5ff8911b8d0b48b72167517506b53cd32e71_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:e33d3f89fa14cef83be2bf1d15cf5bb1df57ffd9258902613a2a1309cbc11981_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:1738c1f613bc80f825795bba194000dd354e15aa05e881ef103e63ce4c905ac8_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:26e82e33639172e754d954c2de492f7ec0bff4760c7284fe85231d74e83da3cc_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:bda4a51803d41c805074962d4207f0c56a4248d50d09bcd01017d55ea974166f_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:2f7f3178fff00f6096e340392dfe2e005f7fa6553eae194cb765dd026432d010_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:48b2b1685ae38774ec04f860f11a246838f8925be0b5adc0ec60bbde57419fb1_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:c4029eab5cf3ef8e00f774a04b786003e31073c85a585f50689009110d2a5f76_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:42925c7c419dd52bf611e6860b3c989ba396f9e5f1d9a459f5db6b958f932552_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:be1dd8dfaf204fa739a202ac7ddfcf3ed4441c97d05fa914cbbff34d5467bd76_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:d78003468c5d530a8dddd9841ecd23921b6987187ef09a0b97eeda0e7e914c94_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:5bfaebca00db5b6ae5acb4a929be36f40704ac5a64806a13561c05b2409ed264_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:a0a4983317c397185b3c3dfda4f3399cad0b53daebe68a553991558fed8657cd_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:d5ae1f16eec322d9c9fb5604641cb038a831a0c7de331feb2999775e7958ed55_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:2ce16348308819fb21fa98c69ca56eb70b62cf36fb1c233d1928764b393dd3f0_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:a1f3ef5cafecc311f1c206ea40fda0f53badc8a520d30ad4461a25a2177cc393_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:ac04d56e69fa742413b95177b2298502b8f9108be6bceb96b8ea4f9afbed5f74_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:5ec68bc1aa764552cb1471a1844708747fced656c031b8c8428deecd3137eb3a_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:8da444779bc4d8fefb85fe2a373d4f4280db9c41198e321e74b6cab05aed6922_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:e29a5cc022aa302459cff0ba435c24164ea5578d4f1468ab6bdfea0011220406_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:59abfdea0e2fbafa7355967f3dc43700b82907aeaea520a10a87d4a77adc5963_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:c347e82a481d60f52e5fc9cfd0634dd69e82db309de5e1eedf12832461f2e399_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:c442371d189720167dd3de9deaab587dad8ab810977040da26f3457cfd6eb10e_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:3dbc18048c93b6281f14b3472ed538a20b12b7e6c0524d61afda291b5bf11541_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:640ff6c8d8c3c16ba43f87f4d323e93d7d8cdae1df44d7220c79083e8284ebd6_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:c93eef1216995a01b8a76d547798b4a327d8fd2be746c40cf4e3b6cc84cea56c_ppc64le" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:42925c7c419dd52bf611e6860b3c989ba396f9e5f1d9a459f5db6b958f932552_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:be1dd8dfaf204fa739a202ac7ddfcf3ed4441c97d05fa914cbbff34d5467bd76_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:d78003468c5d530a8dddd9841ecd23921b6987187ef09a0b97eeda0e7e914c94_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "log4j-core: remote code execution via JDBC Appender" } ] }
rhsa-2022_0236
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat OpenShift Container Platform release 3.11.570 is now available with\nupdates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nSecurity Fix(es):\n\n* log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:0236", "url": "https://access.redhat.com/errata/RHSA-2022:0236" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "2035951", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035951" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0236.json" } ], "title": "Red Hat Security Advisory: OpenShift Container Platform 3.11.570 security update", "tracking": { "current_release_date": "2024-11-15T10:44:46+00:00", "generator": { "date": "2024-11-15T10:44:46+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2022:0236", "initial_release_date": "2022-01-25T15:25:30+00:00", "revision_history": [ { "date": "2022-01-25T15:25:30+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-01-25T15:25:30+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T10:44:46+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift Container Platform 3.11", "product": { "name": "Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:3.11::el7" } } } ], "category": "product_family", "name": "Red Hat OpenShift Enterprise" }, { "branches": [ { "category": "product_version", "name": "openshift3/ose-logging-curator5@sha256:615464e77119620f0e248dc8702c790fc12e004393fcef65731b7ab0c8fe51ea_amd64", "product": { "name": "openshift3/ose-logging-curator5@sha256:615464e77119620f0e248dc8702c790fc12e004393fcef65731b7ab0c8fe51ea_amd64", "product_id": "openshift3/ose-logging-curator5@sha256:615464e77119620f0e248dc8702c790fc12e004393fcef65731b7ab0c8fe51ea_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-logging-curator5@sha256:615464e77119620f0e248dc8702c790fc12e004393fcef65731b7ab0c8fe51ea?arch=amd64\u0026repository_url=registry.redhat.io/openshift3/ose-logging-curator5\u0026tag=v3.11.570-2.ge84e80c" } } }, { "category": "product_version", "name": "openshift3/ose-logging-elasticsearch5@sha256:730f0aea1c470224fbe8a4c3e2ad0600bb213f39b79aa5b473146bae50a28b4f_amd64", "product": { "name": "openshift3/ose-logging-elasticsearch5@sha256:730f0aea1c470224fbe8a4c3e2ad0600bb213f39b79aa5b473146bae50a28b4f_amd64", "product_id": "openshift3/ose-logging-elasticsearch5@sha256:730f0aea1c470224fbe8a4c3e2ad0600bb213f39b79aa5b473146bae50a28b4f_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-logging-elasticsearch5@sha256:730f0aea1c470224fbe8a4c3e2ad0600bb213f39b79aa5b473146bae50a28b4f?arch=amd64\u0026repository_url=registry.redhat.io/openshift3/ose-logging-elasticsearch5\u0026tag=v3.11.570-2.ge84e80c" } } }, { "category": "product_version", "name": "openshift3/ose-logging-eventrouter@sha256:cc44602e7ec89f3c145288c4e65f0d3d418454fcf4147aa7a1deafeda9329209_amd64", "product": { "name": "openshift3/ose-logging-eventrouter@sha256:cc44602e7ec89f3c145288c4e65f0d3d418454fcf4147aa7a1deafeda9329209_amd64", "product_id": "openshift3/ose-logging-eventrouter@sha256:cc44602e7ec89f3c145288c4e65f0d3d418454fcf4147aa7a1deafeda9329209_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-logging-eventrouter@sha256:cc44602e7ec89f3c145288c4e65f0d3d418454fcf4147aa7a1deafeda9329209?arch=amd64\u0026repository_url=registry.redhat.io/openshift3/ose-logging-eventrouter\u0026tag=v3.11.570-2" } } }, { "category": "product_version", "name": "openshift3/ose-logging-fluentd@sha256:d8de79c838c86c85fba55880ff3b59cfb8c6f89b0e092d65e13833d10a949012_amd64", "product": { "name": "openshift3/ose-logging-fluentd@sha256:d8de79c838c86c85fba55880ff3b59cfb8c6f89b0e092d65e13833d10a949012_amd64", "product_id": "openshift3/ose-logging-fluentd@sha256:d8de79c838c86c85fba55880ff3b59cfb8c6f89b0e092d65e13833d10a949012_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-logging-fluentd@sha256:d8de79c838c86c85fba55880ff3b59cfb8c6f89b0e092d65e13833d10a949012?arch=amd64\u0026repository_url=registry.redhat.io/openshift3/ose-logging-fluentd\u0026tag=v3.11.570-2.ge84e80c" } } }, { "category": "product_version", "name": "openshift3/logging-fluentd@sha256:d8de79c838c86c85fba55880ff3b59cfb8c6f89b0e092d65e13833d10a949012_amd64", "product": { "name": "openshift3/logging-fluentd@sha256:d8de79c838c86c85fba55880ff3b59cfb8c6f89b0e092d65e13833d10a949012_amd64", "product_id": "openshift3/logging-fluentd@sha256:d8de79c838c86c85fba55880ff3b59cfb8c6f89b0e092d65e13833d10a949012_amd64", "product_identification_helper": { "purl": "pkg:oci/logging-fluentd@sha256:d8de79c838c86c85fba55880ff3b59cfb8c6f89b0e092d65e13833d10a949012?arch=amd64\u0026repository_url=registry.redhat.io/openshift3/logging-fluentd\u0026tag=v3.11.570-2.ge84e80c" } } }, { "category": "product_version", "name": "openshift3/ose-logging-kibana5@sha256:531d1444a26b4c38316fd7e46e7d619a519e7a2d1b0a78567949160eb0196860_amd64", "product": { "name": "openshift3/ose-logging-kibana5@sha256:531d1444a26b4c38316fd7e46e7d619a519e7a2d1b0a78567949160eb0196860_amd64", "product_id": "openshift3/ose-logging-kibana5@sha256:531d1444a26b4c38316fd7e46e7d619a519e7a2d1b0a78567949160eb0196860_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-logging-kibana5@sha256:531d1444a26b4c38316fd7e46e7d619a519e7a2d1b0a78567949160eb0196860?arch=amd64\u0026repository_url=registry.redhat.io/openshift3/ose-logging-kibana5\u0026tag=v3.11.570-2.ge84e80c" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openshift3/logging-fluentd@sha256:d8de79c838c86c85fba55880ff3b59cfb8c6f89b0e092d65e13833d10a949012_amd64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift3/logging-fluentd@sha256:d8de79c838c86c85fba55880ff3b59cfb8c6f89b0e092d65e13833d10a949012_amd64" }, "product_reference": "openshift3/logging-fluentd@sha256:d8de79c838c86c85fba55880ff3b59cfb8c6f89b0e092d65e13833d10a949012_amd64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift3/ose-logging-curator5@sha256:615464e77119620f0e248dc8702c790fc12e004393fcef65731b7ab0c8fe51ea_amd64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift3/ose-logging-curator5@sha256:615464e77119620f0e248dc8702c790fc12e004393fcef65731b7ab0c8fe51ea_amd64" }, "product_reference": "openshift3/ose-logging-curator5@sha256:615464e77119620f0e248dc8702c790fc12e004393fcef65731b7ab0c8fe51ea_amd64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift3/ose-logging-elasticsearch5@sha256:730f0aea1c470224fbe8a4c3e2ad0600bb213f39b79aa5b473146bae50a28b4f_amd64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift3/ose-logging-elasticsearch5@sha256:730f0aea1c470224fbe8a4c3e2ad0600bb213f39b79aa5b473146bae50a28b4f_amd64" }, "product_reference": "openshift3/ose-logging-elasticsearch5@sha256:730f0aea1c470224fbe8a4c3e2ad0600bb213f39b79aa5b473146bae50a28b4f_amd64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift3/ose-logging-eventrouter@sha256:cc44602e7ec89f3c145288c4e65f0d3d418454fcf4147aa7a1deafeda9329209_amd64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift3/ose-logging-eventrouter@sha256:cc44602e7ec89f3c145288c4e65f0d3d418454fcf4147aa7a1deafeda9329209_amd64" }, "product_reference": "openshift3/ose-logging-eventrouter@sha256:cc44602e7ec89f3c145288c4e65f0d3d418454fcf4147aa7a1deafeda9329209_amd64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift3/ose-logging-fluentd@sha256:d8de79c838c86c85fba55880ff3b59cfb8c6f89b0e092d65e13833d10a949012_amd64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift3/ose-logging-fluentd@sha256:d8de79c838c86c85fba55880ff3b59cfb8c6f89b0e092d65e13833d10a949012_amd64" }, "product_reference": "openshift3/ose-logging-fluentd@sha256:d8de79c838c86c85fba55880ff3b59cfb8c6f89b0e092d65e13833d10a949012_amd64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift3/ose-logging-kibana5@sha256:531d1444a26b4c38316fd7e46e7d619a519e7a2d1b0a78567949160eb0196860_amd64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift3/ose-logging-kibana5@sha256:531d1444a26b4c38316fd7e46e7d619a519e7a2d1b0a78567949160eb0196860_amd64" }, "product_reference": "openshift3/ose-logging-kibana5@sha256:531d1444a26b4c38316fd7e46e7d619a519e7a2d1b0a78567949160eb0196860_amd64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-44832", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-12-28T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-3.11:openshift3/logging-fluentd@sha256:d8de79c838c86c85fba55880ff3b59cfb8c6f89b0e092d65e13833d10a949012_amd64", "7Server-RH7-RHOSE-3.11:openshift3/ose-logging-curator5@sha256:615464e77119620f0e248dc8702c790fc12e004393fcef65731b7ab0c8fe51ea_amd64", "7Server-RH7-RHOSE-3.11:openshift3/ose-logging-eventrouter@sha256:cc44602e7ec89f3c145288c4e65f0d3d418454fcf4147aa7a1deafeda9329209_amd64", "7Server-RH7-RHOSE-3.11:openshift3/ose-logging-fluentd@sha256:d8de79c838c86c85fba55880ff3b59cfb8c6f89b0e092d65e13833d10a949012_amd64", "7Server-RH7-RHOSE-3.11:openshift3/ose-logging-kibana5@sha256:531d1444a26b4c38316fd7e46e7d619a519e7a2d1b0a78567949160eb0196860_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2035951" } ], "notes": [ { "category": "description", "text": "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j-core: remote code execution via JDBC Appender", "title": "Vulnerability summary" }, { "category": "other", "text": "Log4j 1.x is not impacted by this vulnerability. Therefore versions of log4j shipped with Red Hat Enterprise Linux are NOT affected by this flaw.\n\nFor Elasticsearch, as shipped in OpenShift Container Platform and OpenShift Logging, access to the log4j2.properties configuration is limited only to the cluster administrators and exploitation requires cluster logging changes, what reduced the impact of this vulnerability significantly [0].\n\n[0] https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476#update-jan-6-5", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-3.11:openshift3/ose-logging-elasticsearch5@sha256:730f0aea1c470224fbe8a4c3e2ad0600bb213f39b79aa5b473146bae50a28b4f_amd64" ], "known_not_affected": [ "7Server-RH7-RHOSE-3.11:openshift3/logging-fluentd@sha256:d8de79c838c86c85fba55880ff3b59cfb8c6f89b0e092d65e13833d10a949012_amd64", "7Server-RH7-RHOSE-3.11:openshift3/ose-logging-curator5@sha256:615464e77119620f0e248dc8702c790fc12e004393fcef65731b7ab0c8fe51ea_amd64", "7Server-RH7-RHOSE-3.11:openshift3/ose-logging-eventrouter@sha256:cc44602e7ec89f3c145288c4e65f0d3d418454fcf4147aa7a1deafeda9329209_amd64", "7Server-RH7-RHOSE-3.11:openshift3/ose-logging-fluentd@sha256:d8de79c838c86c85fba55880ff3b59cfb8c6f89b0e092d65e13833d10a949012_amd64", "7Server-RH7-RHOSE-3.11:openshift3/ose-logging-kibana5@sha256:531d1444a26b4c38316fd7e46e7d619a519e7a2d1b0a78567949160eb0196860_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44832" }, { "category": "external", "summary": "RHBZ#2035951", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035951" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44832", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44832" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44832", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44832" }, { "category": "external", "summary": "https://issues.apache.org/jira/browse/LOG4J2-3293", "url": "https://issues.apache.org/jira/browse/LOG4J2-3293" } ], "release_date": "2021-12-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-01-25T15:25:30+00:00", "details": "For OpenShift Container Platform 3.11 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/3.11/upgrading/index.html", "product_ids": [ "7Server-RH7-RHOSE-3.11:openshift3/ose-logging-elasticsearch5@sha256:730f0aea1c470224fbe8a4c3e2ad0600bb213f39b79aa5b473146bae50a28b4f_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0236" }, { "category": "workaround", "details": "As per upstream:\n- In prior releases confirm that if the JDBC Appender is being used it is not configured to use any protocol other than Java.\n- Note that only the log4j-core JAR file is impacted by this vulnerability. Applications using only the log4j-api JAR file without the log4j-core JAR file are not impacted by this vulnerability.", "product_ids": [ "7Server-RH7-RHOSE-3.11:openshift3/logging-fluentd@sha256:d8de79c838c86c85fba55880ff3b59cfb8c6f89b0e092d65e13833d10a949012_amd64", "7Server-RH7-RHOSE-3.11:openshift3/ose-logging-curator5@sha256:615464e77119620f0e248dc8702c790fc12e004393fcef65731b7ab0c8fe51ea_amd64", "7Server-RH7-RHOSE-3.11:openshift3/ose-logging-elasticsearch5@sha256:730f0aea1c470224fbe8a4c3e2ad0600bb213f39b79aa5b473146bae50a28b4f_amd64", "7Server-RH7-RHOSE-3.11:openshift3/ose-logging-eventrouter@sha256:cc44602e7ec89f3c145288c4e65f0d3d418454fcf4147aa7a1deafeda9329209_amd64", "7Server-RH7-RHOSE-3.11:openshift3/ose-logging-fluentd@sha256:d8de79c838c86c85fba55880ff3b59cfb8c6f89b0e092d65e13833d10a949012_amd64", "7Server-RH7-RHOSE-3.11:openshift3/ose-logging-kibana5@sha256:531d1444a26b4c38316fd7e46e7d619a519e7a2d1b0a78567949160eb0196860_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-3.11:openshift3/ose-logging-elasticsearch5@sha256:730f0aea1c470224fbe8a4c3e2ad0600bb213f39b79aa5b473146bae50a28b4f_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "log4j-core: remote code execution via JDBC Appender" } ] }
rhsa-2022_0222
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A security update to Red Hat Integration Camel Extensions for Quarkus 2.2 is now available. The purpose of this text-only errata is to inform you about the security issues fixed.\n\nRed Hat Product Security has rated this update as having an impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "This update of Red Hat Integration - Camel Extensions for Quarkus serves as a replacement for 2.2 GA and includes the following security Fix(es):\n\nSecurity Fix(es):\n\n* log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)\n\n* log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228) (CVE-2021-45046)\n\n* log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern (CVE-2021-45105)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:0222", "url": "https://access.redhat.com/errata/RHSA-2022:0222" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=red.hat.integration\u0026version=2022-Q1", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=red.hat.integration\u0026version=2022-Q1" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_integration/2022.q1", "url": "https://access.redhat.com/documentation/en-us/red_hat_integration/2022.q1" }, { "category": "external", "summary": "2032580", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2032580" }, { "category": "external", "summary": "2034067", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034067" }, { "category": "external", "summary": "2035951", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035951" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0222.json" } ], "title": "Red Hat Security Advisory: Red Hat Integration Camel Extensions for Quarkus 2.2 security update", "tracking": { "current_release_date": "2024-11-15T10:44:25+00:00", "generator": { "date": "2024-11-15T10:44:25+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2022:0222", "initial_release_date": "2022-01-20T18:54:26+00:00", "revision_history": [ { "date": "2022-01-20T18:54:26+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-01-20T18:54:26+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T10:44:25+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Integration Camel Extensions for Quarkus 2.2", "product": { "name": "Red Hat Integration Camel Extensions for Quarkus 2.2", "product_id": "Red Hat Integration Camel Extensions for Quarkus 2.2", "product_identification_helper": { "cpe": "cpe:/a:redhat:camel_quarkus:2.2" } } } ], "category": "product_family", "name": "Red Hat Integration" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-44832", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-12-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2035951" } ], "notes": [ { "category": "description", "text": "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j-core: remote code execution via JDBC Appender", "title": "Vulnerability summary" }, { "category": "other", "text": "Log4j 1.x is not impacted by this vulnerability. Therefore versions of log4j shipped with Red Hat Enterprise Linux are NOT affected by this flaw.\n\nFor Elasticsearch, as shipped in OpenShift Container Platform and OpenShift Logging, access to the log4j2.properties configuration is limited only to the cluster administrators and exploitation requires cluster logging changes, what reduced the impact of this vulnerability significantly [0].\n\n[0] https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476#update-jan-6-5", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Integration Camel Extensions for Quarkus 2.2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44832" }, { "category": "external", "summary": "RHBZ#2035951", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035951" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44832", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44832" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44832", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44832" }, { "category": "external", "summary": "https://issues.apache.org/jira/browse/LOG4J2-3293", "url": "https://issues.apache.org/jira/browse/LOG4J2-3293" } ], "release_date": "2021-12-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-01-20T18:54:26+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Integration Camel Extensions for Quarkus 2.2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0222" }, { "category": "workaround", "details": "As per upstream:\n- In prior releases confirm that if the JDBC Appender is being used it is not configured to use any protocol other than Java.\n- Note that only the log4j-core JAR file is impacted by this vulnerability. Applications using only the log4j-api JAR file without the log4j-core JAR file are not impacted by this vulnerability.", "product_ids": [ "Red Hat Integration Camel Extensions for Quarkus 2.2" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Integration Camel Extensions for Quarkus 2.2" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "log4j-core: remote code execution via JDBC Appender" }, { "cve": "CVE-2021-45046", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-12-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2032580" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.16.0. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input using a JNDI Lookup pattern resulting in remote code execution (RCE) in a limited number of environments.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)", "title": "Vulnerability summary" }, { "category": "other", "text": "Although we have matched Apache\u0027s CVSS score, with the exception of the scope metric which will remain unaltered at \"unchanged\"; as we believe code execution would be at the permission levels of the running JVM and not exceeding that of the original CVE-2021-44228 flaw.\n \nWe have given this vulnerability an impact rating of Moderate, this is because of the unlikely nature of log4j lookup mapping values being derived from attacker controlled values. This is not the default configuration for end-applications using log4j 2.x and would require explicit action from a privileged user (a developer or administrator) to access the vulnerability. \nIn certain non-default configurations, it was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was insufficient.\n\nThis issue affects the log4j version between 2.0 and 2.15. Log4j 1.x is NOT impacted by this vulnerability. \n\nPrerequisites to exploit this flaw are :\n\n- A remotely accessible endpoint with any protocol (HTTP, TCP, etc) that allows an attacker to send arbitrary data,\n- A log statement in the endpoint that logs the attacker controlled data.\n- Log4j configuration file should be explicitly configured to use a non-default Pattern Layout with a Context Lookup eg. ($${ctx:loginId}) \n\nIn most cases, the mitigation suggested for CVE-2021-44228 (i.e. to set the system property `log4j2.noFormatMsgLookup` to `true) does NOT mitigate this specific vulnerability. \nLog4j 2.16.0 fixes this issue by removing support for message lookup patterns and disabling JNDI functionality by default.\n\nFor Elasticsearch, as shipped in OpenShift 3.11, the \"log4j2.formatMsgNoLookups=true\" system property mitigation is sufficient as there are no included non-standard configurations that allow for exploitation:\n\nhttps://github.com/openshift/openshift-ansible/blob/release-3.11/roles/openshift_logging_elasticsearch/templates/log4j2.properties.j2\n\nhttps://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476\n\nFor CodeReady Studio the fix for this flaw is available on CodeReady Studio 12.21.3 and above versions.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Integration Camel Extensions for Quarkus 2.2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-45046" }, { "category": "external", "summary": "RHBZ#2032580", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2032580" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-45046", "url": "https://www.cve.org/CVERecord?id=CVE-2021-45046" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-45046", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45046" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2021-44228", "url": "https://access.redhat.com/security/cve/CVE-2021-44228" }, { "category": "external", "summary": "https://logging.apache.org/log4j/2.x/security.html", "url": "https://logging.apache.org/log4j/2.x/security.html" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2021/12/14/4", "url": "https://www.openwall.com/lists/oss-security/2021/12/14/4" }, { "category": "external", "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog" } ], "release_date": "2021-12-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-01-20T18:54:26+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Integration Camel Extensions for Quarkus 2.2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0222" }, { "category": "workaround", "details": "For Log4j versions up to and including 2.15.0, this issue can be mitigated by removing the JndiLookup class from the classpath (example: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class).", "product_ids": [ "Red Hat Integration Camel Extensions for Quarkus 2.2" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Integration Camel Extensions for Quarkus 2.2" ] } ], "threats": [ { "category": "exploit_status", "date": "2023-05-01T00:00:00+00:00", "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog" }, { "category": "impact", "details": "Moderate" } ], "title": "log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)" }, { "cve": "CVE-2021-45105", "cwe": { "id": "CWE-674", "name": "Uncontrolled Recursion" }, "discovery_date": "2021-12-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2034067" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Apache Log4j logging library 2.x. when the logging configuration uses a non-default Pattern Layout with a Context Lookup. Attackers with control over Thread Context Map (MDC) input data can craft malicious input data that contains a recursive lookup and can cause Denial of Service.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security has performed an analysis of this flaw and has classified the Attack Complexity(AC) as High because there are multiple factors involved which are beyond attacker\u0027s control:\n\n- The application has to use the logging configuration using a Context Map Lookup (for example, $${ctx:loginId}) which is a non-default Pattern Layout.\n- The application developer has to use the map org.apache.logging.log4j.ThreadContext in the application code and save at-least one key (for example, ThreadContext.put(\"loginId\", \"myId\");) in the ThreadContext map object.\n- Attackers must also know this saved key name in order to exploit this flaw.\n\nNote that saving keys in this map is a non-essential usage of log4j and just an optional feature provided. Refer to https://logging.apache.org/log4j/2.x/manual/lookups.html#ContextMapLookup to know more about the Context Map Lookup feature of Log4j.\n\nLog4j 1.x is not impacted by this vulnerability. Note that only the log4j-core JAR file is impacted by this vulnerability. Applications using ONLY the log4j-api JAR file without the log4j-core JAR file are NOT impacted by this vulnerability.\n\n\nDespite including a vulnerable version of Log4j 2.x, this vulnerability is not exploitable in Elasticsearch[0], as shipped in OpenShift Container Platform and OpenShift Logging. OpenShift 3.11 specifically does not contain any context lookups:\n\nhttps://github.com/openshift/openshift-ansible/blob/release-3.11/roles/openshift_logging_elasticsearch/templates/log4j2.properties.j2\n\nThis vulnerability is therefore rated Low for Elasticsearch in OpenShift Container Platform and OpenShift Logging.\n\n[0] https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476#update-december-18-4", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Integration Camel Extensions for Quarkus 2.2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-45105" }, { "category": "external", "summary": "RHBZ#2034067", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034067" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-45105", "url": "https://www.cve.org/CVERecord?id=CVE-2021-45105" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-45105", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45105" }, { "category": "external", "summary": "https://issues.apache.org/jira/browse/LOG4J2-3230", "url": "https://issues.apache.org/jira/browse/LOG4J2-3230" }, { "category": "external", "summary": "https://logging.apache.org/log4j/2.x/security.html", "url": "https://logging.apache.org/log4j/2.x/security.html" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2021/12/19/1", "url": "https://www.openwall.com/lists/oss-security/2021/12/19/1" } ], "release_date": "2021-12-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-01-20T18:54:26+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Integration Camel Extensions for Quarkus 2.2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0222" }, { "category": "workaround", "details": "For Log4j 2 versions up to and including 2.16.0, this flaw can be mitigated by:\n- In PatternLayout in the Log4j logging configuration, replace Context Lookups like ${ctx:loginId} or $${ctx:loginId} with Thread Context Map patterns (%X, %mdc, or %MDC) like %X{loginId}.\n- Otherwise, in the Log4j logging configuration, remove references to Context Lookups like ${ctx:loginId} or $${ctx:loginId} where they originate from sources external to the application such as HTTP headers or user input.", "product_ids": [ "Red Hat Integration Camel Extensions for Quarkus 2.2" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Integration Camel Extensions for Quarkus 2.2" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern" } ] }
rhsa-2022_1296
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Low" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.3 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.4 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender (CVE-2022-23305)\n\n* log4j: Unsafe deserialization flaw in Chainsaw log viewer (CVE-2022-23307)\n\n* log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender (CVE-2021-4104)\n\n* log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)\n\n* log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228) (CVE-2021-45046)\n\n* log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern (CVE-2021-45105)\n\n* log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink (CVE-2022-23302)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:1296", "url": "https://access.redhat.com/errata/RHSA-2022:1296" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#low", "url": "https://access.redhat.com/security/updates/classification/#low" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/" }, { "category": "external", "summary": "2031667", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031667" }, { "category": "external", "summary": "2032580", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2032580" }, { "category": "external", "summary": "2034067", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034067" }, { "category": "external", "summary": "2035951", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035951" }, { "category": "external", "summary": "2041949", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041949" }, { "category": "external", "summary": "2041959", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041959" }, { "category": "external", "summary": "2041967", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041967" }, { "category": "external", "summary": "JBEAP-22105", "url": "https://issues.redhat.com/browse/JBEAP-22105" }, { "category": "external", "summary": "JBEAP-22385", "url": "https://issues.redhat.com/browse/JBEAP-22385" }, { "category": "external", "summary": "JBEAP-22731", "url": "https://issues.redhat.com/browse/JBEAP-22731" }, { "category": "external", "summary": "JBEAP-22738", "url": "https://issues.redhat.com/browse/JBEAP-22738" }, { "category": "external", "summary": "JBEAP-22819", "url": "https://issues.redhat.com/browse/JBEAP-22819" }, { "category": "external", "summary": "JBEAP-22839", "url": "https://issues.redhat.com/browse/JBEAP-22839" }, { "category": "external", "summary": "JBEAP-22864", "url": "https://issues.redhat.com/browse/JBEAP-22864" }, { "category": "external", "summary": "JBEAP-22899", "url": "https://issues.redhat.com/browse/JBEAP-22899" }, { "category": "external", "summary": "JBEAP-22904", "url": "https://issues.redhat.com/browse/JBEAP-22904" }, { "category": "external", "summary": "JBEAP-22911", "url": "https://issues.redhat.com/browse/JBEAP-22911" }, { "category": "external", "summary": "JBEAP-22912", "url": "https://issues.redhat.com/browse/JBEAP-22912" }, { "category": "external", "summary": "JBEAP-22913", "url": "https://issues.redhat.com/browse/JBEAP-22913" }, { "category": "external", "summary": "JBEAP-22935", "url": "https://issues.redhat.com/browse/JBEAP-22935" }, { "category": "external", "summary": "JBEAP-22945", "url": "https://issues.redhat.com/browse/JBEAP-22945" }, { "category": "external", "summary": "JBEAP-22973", "url": "https://issues.redhat.com/browse/JBEAP-22973" }, { "category": "external", "summary": "JBEAP-23038", "url": "https://issues.redhat.com/browse/JBEAP-23038" }, { "category": "external", "summary": "JBEAP-23040", "url": "https://issues.redhat.com/browse/JBEAP-23040" }, { "category": "external", "summary": "JBEAP-23045", "url": "https://issues.redhat.com/browse/JBEAP-23045" }, { "category": "external", "summary": "JBEAP-23101", "url": "https://issues.redhat.com/browse/JBEAP-23101" }, { "category": "external", "summary": "JBEAP-23105", "url": "https://issues.redhat.com/browse/JBEAP-23105" }, { "category": "external", "summary": "JBEAP-23143", "url": "https://issues.redhat.com/browse/JBEAP-23143" }, { "category": "external", "summary": "JBEAP-23177", "url": "https://issues.redhat.com/browse/JBEAP-23177" }, { "category": "external", "summary": "JBEAP-23323", "url": "https://issues.redhat.com/browse/JBEAP-23323" }, { "category": "external", "summary": "JBEAP-23373", "url": "https://issues.redhat.com/browse/JBEAP-23373" }, { "category": "external", "summary": "JBEAP-23374", "url": "https://issues.redhat.com/browse/JBEAP-23374" }, { "category": "external", "summary": "JBEAP-23375", "url": "https://issues.redhat.com/browse/JBEAP-23375" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_1296.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.4 security update", "tracking": { "current_release_date": "2024-11-15T14:47:17+00:00", "generator": { "date": "2024-11-15T14:47:17+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2022:1296", "initial_release_date": "2022-04-11T12:59:41+00:00", "revision_history": [ { "date": "2022-04-11T12:59:41+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-04-11T12:59:41+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T14:47:17+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product": { "name": "Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.6-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.src", "product": { "name": "eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.src", "product_id": "eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-xom@1.3.7-1.redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.9-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.2.16-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.src", "product": { "name": "eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.src", "product_id": "eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.25-1.Final_redhat_00002.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana@5.11.4-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.src", "product": { "name": "eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.src", "product_id": "eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-7.redhat_00034.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.src", "product": { "name": "eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.src", "product_id": "eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.11-1.Final_redhat_00002.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan@11.0.15-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.src", "product": { "name": "eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.src", "product_id": "eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-objectweb-asm@9.1.0-1.redhat_00002.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-vfs@3.2.16-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.src", "product": { "name": "eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.src", "product_id": "eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-log4j@2.17.1-1.redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.src", "product": { "name": "eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.src", "product_id": "eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-yasson@1.0.10-1.redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.src", "product": { "name": "eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.src", "product_id": "eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ecj@3.26.0-1.redhat_00002.1.el7eap?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jbossws-cxf@5.4.4-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.src", "product": { "name": "eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.src", "product_id": "eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl-el7-x86_64@2.2.0-2.Final_redhat_00002.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.src", "product": { "name": "eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.src", "product_id": "eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl@2.2.0-3.Final_redhat_00002.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.src", "product": { "name": "eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.src", "product_id": "eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-15.Final_redhat_00014.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.src", "product": { "name": "eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.src", "product_id": "eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.4-3.GA_redhat_00011.1.el7eap?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.6-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-xom@1.3.7-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.9-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.2.16-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "product_id": "eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.25-1.Final_redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "product_id": "eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.25-1.Final_redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "product_id": "eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.25-1.Final_redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "product_id": "eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.25-1.Final_redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "product_id": "eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.25-1.Final_redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana@5.11.4-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-compensations@5.11.4-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-jbosstxbridge@5.11.4-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-jbossxts@5.11.4-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-jts-idlj@5.11.4-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-jts-integration@5.11.4-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-restat-api@5.11.4-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-restat-bridge@5.11.4-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-restat-integration@5.11.4-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-restat-util@5.11.4-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-txframework@5.11.4-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-7.redhat_00034.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.16.0-7.redhat_00034.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.16.0-7.redhat_00034.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.16.0-7.redhat_00034.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.16.0-7.redhat_00034.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.16.0-7.redhat_00034.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.16.0-7.redhat_00034.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.16.0-7.redhat_00034.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.16.0-7.redhat_00034.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.16.0-7.redhat_00034.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.16.0-7.redhat_00034.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.16.0-7.redhat_00034.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.16.0-7.redhat_00034.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@2.16.0-7.redhat_00034.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.16.0-7.redhat_00034.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.16.0-7.redhat_00034.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch", "product_id": "eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.11-1.Final_redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch", "product_id": "eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.11-1.Final_redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan@11.0.15-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-jdbc@11.0.15-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-remote@11.0.15-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-client-hotrod@11.0.15-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-commons@11.0.15-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-component-annotations@11.0.15-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-core@11.0.15-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-commons@11.0.15-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-spi@11.0.15-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-v53@11.0.15-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.noarch", "product_id": "eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-objectweb-asm@9.1.0-1.redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-vfs@3.2.16-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-log4j@2.17.1-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-yasson@1.0.10-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.noarch", "product_id": "eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ecj@3.26.0-1.redhat_00002.1.el7eap?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jbossws-cxf@5.4.4-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch", "product_id": "eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl@2.2.0-3.Final_redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch", "product_id": "eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl-java@2.2.0-3.Final_redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-15.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-15.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-15.Final_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "product": { "name": "eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "product_id": "eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.4-3.GA_redhat_00011.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-java-jdk11-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "product": { "name": "eap7-wildfly-java-jdk11-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "product_id": "eap7-wildfly-java-jdk11-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.4-3.GA_redhat_00011.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-java-jdk8-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "product": { "name": "eap7-wildfly-java-jdk8-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "product_id": "eap7-wildfly-java-jdk8-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.4-3.GA_redhat_00011.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "product": { "name": "eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "product_id": "eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.4-3.GA_redhat_00011.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "product": { "name": "eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "product_id": "eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.4-3.GA_redhat_00011.1.el7eap?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64", "product": { "name": "eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64", "product_id": "eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl-el7-x86_64@2.2.0-2.Final_redhat_00002.1.el7eap?arch=x86_64" } } }, { "category": "product_version", "name": "eap7-wildfly-openssl-el7-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64", "product": { "name": "eap7-wildfly-openssl-el7-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64", "product_id": "eap7-wildfly-openssl-el7-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl-el7-x86_64-debuginfo@2.2.0-2.Final_redhat_00002.1.el7eap?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.src" }, "product_reference": "eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.src" }, "product_reference": "eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.src" }, "product_reference": "eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.src" }, "product_reference": "eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.src" }, "product_reference": "eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.src" }, "product_reference": "eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.src" }, "product_reference": "eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.src" }, "product_reference": "eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-java-jdk11-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-java-jdk11-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-java-jdk8-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-java-jdk8-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.src" }, "product_reference": "eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.src" }, "product_reference": "eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64" }, "product_reference": "eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-el7-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64" }, "product_reference": "eap7-wildfly-openssl-el7-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.src" }, "product_reference": "eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.src" }, "product_reference": "eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-4104", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-12-13T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2031667" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSAppender in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if the deployed application is configured to use JMSAppender and to the attacker\u0027s JNDI LDAP endpoint.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender", "title": "Vulnerability summary" }, { "category": "other", "text": "Based on the conditions to be exploitable (see details below), the risk is much lower than Log4j 2.x and Red Hat has assessed this to be Moderate severity. This flaw has been filed for Log4j 1.x, and the corresponding flaw information for Log4j 2.x is available at: https://access.redhat.com/security/cve/CVE-2021-44228\n\nNote this flaw ONLY affects applications which are specifically configured to use JMSAppender, which is not the default, or when the attacker has write access to the Log4j configuration for adding JMSAppender to the attacker\u0027s JNDI LDAP endpoint. \n\nIf the Log4j configuration is set TopicBindingName or TopicConnectionFactoryBindingName configurations allowing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228 Log4j 2.x, Log4j 1.x is vulnerable. However, the attack vector is reduced as it depends on having write access, which is not a standard configuration rather than untrusted user input. These are sufficient factors beyond the attacker\u0027s control.\n\nThe tomcat package shipped with Red Hat Enterprise Linux does not include log4j but it does include a default configuration for log4j, log4j.properties, which could be used with tomcat if users choose to install and configure the library. The JMSAppender is not enabled by default, and the permissions of the file can only be modified as root.\n\nRed Hat Virtualization ships log4j12-1.2.17, but it is used and configured in a way which makes this flaw not possible to exploit. Therefore impact is rated Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.src" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-4104" }, { "category": "external", "summary": "RHBZ#2031667", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031667" }, { "category": "external", "summary": "RHSB-2021-009", "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-4104", "url": "https://www.cve.org/CVERecord?id=CVE-2021-4104" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-4104", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4104" }, { "category": "external", "summary": "https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126", "url": "https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126" }, { "category": "external", "summary": "https://github.com/apache/logging-log4j2/pull/608#issuecomment-991723301", "url": "https://github.com/apache/logging-log4j2/pull/608#issuecomment-991723301" }, { "category": "external", "summary": "https://lists.apache.org/thread/0x4zvtq92yggdgvwfgsftqrj4xx5w0nx", "url": "https://lists.apache.org/thread/0x4zvtq92yggdgvwfgsftqrj4xx5w0nx" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2021/12/13/1", "url": "https://www.openwall.com/lists/oss-security/2021/12/13/1" } ], "release_date": "2021-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-11T12:59:41+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1296" }, { "category": "workaround", "details": "These are the possible mitigations for this flaw for releases version 1.x:\n\n- Comment out or remove JMSAppender in the Log4j configuration if it is used\n- Remove the JMSAppender class from the classpath. For example:\n```\nzip -q -d log4j-*.jar org/apache/log4j/net/JMSAppender.class\n```\n- Restrict access for the OS user on the platform running the application to prevent modifying the Log4j configuration by the attacker.", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender" }, { "cve": "CVE-2021-44832", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-12-28T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2035951" } ], "notes": [ { "category": "description", "text": "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j-core: remote code execution via JDBC Appender", "title": "Vulnerability summary" }, { "category": "other", "text": "Log4j 1.x is not impacted by this vulnerability. Therefore versions of log4j shipped with Red Hat Enterprise Linux are NOT affected by this flaw.\n\nFor Elasticsearch, as shipped in OpenShift Container Platform and OpenShift Logging, access to the log4j2.properties configuration is limited only to the cluster administrators and exploitation requires cluster logging changes, what reduced the impact of this vulnerability significantly [0].\n\n[0] https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476#update-jan-6-5", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.src" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44832" }, { "category": "external", "summary": "RHBZ#2035951", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035951" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44832", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44832" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44832", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44832" }, { "category": "external", "summary": "https://issues.apache.org/jira/browse/LOG4J2-3293", "url": "https://issues.apache.org/jira/browse/LOG4J2-3293" } ], "release_date": "2021-12-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-11T12:59:41+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1296" }, { "category": "workaround", "details": "As per upstream:\n- In prior releases confirm that if the JDBC Appender is being used it is not configured to use any protocol other than Java.\n- Note that only the log4j-core JAR file is impacted by this vulnerability. Applications using only the log4j-api JAR file without the log4j-core JAR file are not impacted by this vulnerability.", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "log4j-core: remote code execution via JDBC Appender" }, { "cve": "CVE-2021-45046", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-12-14T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2032580" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.16.0. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input using a JNDI Lookup pattern resulting in remote code execution (RCE) in a limited number of environments.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)", "title": "Vulnerability summary" }, { "category": "other", "text": "Although we have matched Apache\u0027s CVSS score, with the exception of the scope metric which will remain unaltered at \"unchanged\"; as we believe code execution would be at the permission levels of the running JVM and not exceeding that of the original CVE-2021-44228 flaw.\n \nWe have given this vulnerability an impact rating of Moderate, this is because of the unlikely nature of log4j lookup mapping values being derived from attacker controlled values. This is not the default configuration for end-applications using log4j 2.x and would require explicit action from a privileged user (a developer or administrator) to access the vulnerability. \nIn certain non-default configurations, it was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was insufficient.\n\nThis issue affects the log4j version between 2.0 and 2.15. Log4j 1.x is NOT impacted by this vulnerability. \n\nPrerequisites to exploit this flaw are :\n\n- A remotely accessible endpoint with any protocol (HTTP, TCP, etc) that allows an attacker to send arbitrary data,\n- A log statement in the endpoint that logs the attacker controlled data.\n- Log4j configuration file should be explicitly configured to use a non-default Pattern Layout with a Context Lookup eg. ($${ctx:loginId}) \n\nIn most cases, the mitigation suggested for CVE-2021-44228 (i.e. to set the system property `log4j2.noFormatMsgLookup` to `true) does NOT mitigate this specific vulnerability. \nLog4j 2.16.0 fixes this issue by removing support for message lookup patterns and disabling JNDI functionality by default.\n\nFor Elasticsearch, as shipped in OpenShift 3.11, the \"log4j2.formatMsgNoLookups=true\" system property mitigation is sufficient as there are no included non-standard configurations that allow for exploitation:\n\nhttps://github.com/openshift/openshift-ansible/blob/release-3.11/roles/openshift_logging_elasticsearch/templates/log4j2.properties.j2\n\nhttps://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476\n\nFor CodeReady Studio the fix for this flaw is available on CodeReady Studio 12.21.3 and above versions.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.src" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-45046" }, { "category": "external", "summary": "RHBZ#2032580", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2032580" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-45046", "url": "https://www.cve.org/CVERecord?id=CVE-2021-45046" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-45046", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45046" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2021-44228", "url": "https://access.redhat.com/security/cve/CVE-2021-44228" }, { "category": "external", "summary": "https://logging.apache.org/log4j/2.x/security.html", "url": "https://logging.apache.org/log4j/2.x/security.html" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2021/12/14/4", "url": "https://www.openwall.com/lists/oss-security/2021/12/14/4" }, { "category": "external", "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog" } ], "release_date": "2021-12-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-11T12:59:41+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1296" }, { "category": "workaround", "details": "For Log4j versions up to and including 2.15.0, this issue can be mitigated by removing the JndiLookup class from the classpath (example: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class).", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "exploit_status", "date": "2023-05-01T00:00:00+00:00", "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog" }, { "category": "impact", "details": "Low" } ], "title": "log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)" }, { "cve": "CVE-2021-45105", "cwe": { "id": "CWE-674", "name": "Uncontrolled Recursion" }, "discovery_date": "2021-12-19T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2034067" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Apache Log4j logging library 2.x. when the logging configuration uses a non-default Pattern Layout with a Context Lookup. Attackers with control over Thread Context Map (MDC) input data can craft malicious input data that contains a recursive lookup and can cause Denial of Service.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security has performed an analysis of this flaw and has classified the Attack Complexity(AC) as High because there are multiple factors involved which are beyond attacker\u0027s control:\n\n- The application has to use the logging configuration using a Context Map Lookup (for example, $${ctx:loginId}) which is a non-default Pattern Layout.\n- The application developer has to use the map org.apache.logging.log4j.ThreadContext in the application code and save at-least one key (for example, ThreadContext.put(\"loginId\", \"myId\");) in the ThreadContext map object.\n- Attackers must also know this saved key name in order to exploit this flaw.\n\nNote that saving keys in this map is a non-essential usage of log4j and just an optional feature provided. Refer to https://logging.apache.org/log4j/2.x/manual/lookups.html#ContextMapLookup to know more about the Context Map Lookup feature of Log4j.\n\nLog4j 1.x is not impacted by this vulnerability. Note that only the log4j-core JAR file is impacted by this vulnerability. Applications using ONLY the log4j-api JAR file without the log4j-core JAR file are NOT impacted by this vulnerability.\n\n\nDespite including a vulnerable version of Log4j 2.x, this vulnerability is not exploitable in Elasticsearch[0], as shipped in OpenShift Container Platform and OpenShift Logging. OpenShift 3.11 specifically does not contain any context lookups:\n\nhttps://github.com/openshift/openshift-ansible/blob/release-3.11/roles/openshift_logging_elasticsearch/templates/log4j2.properties.j2\n\nThis vulnerability is therefore rated Low for Elasticsearch in OpenShift Container Platform and OpenShift Logging.\n\n[0] https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476#update-december-18-4", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.src" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-45105" }, { "category": "external", "summary": "RHBZ#2034067", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034067" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-45105", "url": "https://www.cve.org/CVERecord?id=CVE-2021-45105" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-45105", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45105" }, { "category": "external", "summary": "https://issues.apache.org/jira/browse/LOG4J2-3230", "url": "https://issues.apache.org/jira/browse/LOG4J2-3230" }, { "category": "external", "summary": "https://logging.apache.org/log4j/2.x/security.html", "url": "https://logging.apache.org/log4j/2.x/security.html" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2021/12/19/1", "url": "https://www.openwall.com/lists/oss-security/2021/12/19/1" } ], "release_date": "2021-12-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-11T12:59:41+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1296" }, { "category": "workaround", "details": "For Log4j 2 versions up to and including 2.16.0, this flaw can be mitigated by:\n- In PatternLayout in the Log4j logging configuration, replace Context Lookups like ${ctx:loginId} or $${ctx:loginId} with Thread Context Map patterns (%X, %mdc, or %MDC) like %X{loginId}.\n- Otherwise, in the Log4j logging configuration, remove references to Context Lookups like ${ctx:loginId} or $${ctx:loginId} where they originate from sources external to the application such as HTTP headers or user input.", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern" }, { "cve": "CVE-2022-23302", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-18T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2041949" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink", "title": "Vulnerability summary" }, { "category": "other", "text": "Note this flaw ONLY affects applications which are specifically configured to use JMSSink, which is not the default, or when the attacker has write access to the Log4j configuration for adding JMSSink to the attacker\u0027s JNDI LDAP endpoint.\n\nRed Hat Satellite bundles log4j-over-slf4j with Candlepin, however, product is not affected as it uses logback framework for logging.\n\nRed Hat Virtualization and OpenShift Container Platform in the OCP Metering stack (the Hive/Presto/Hadoop components) ship a vulnerable version of the log4j package, however JMSSink is not used. Therefore the impact of this vulnerability for these products is rated Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.src" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23302" }, { "category": "external", "summary": "RHBZ#2041949", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041949" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23302", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23302" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23302", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23302" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2022/01/18/3", "url": "https://www.openwall.com/lists/oss-security/2022/01/18/3" } ], "release_date": "2022-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-11T12:59:41+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1296" }, { "category": "workaround", "details": "These are the possible mitigations for this flaw for releases version 1.x:\n\n- Comment out or remove JMSSink in the Log4j configuration if it is used\n- Remove the JMSSink class from the server\u0027s jar files. For example:\n```\nzip -q -d log4j-*.jar org/apache/log4j/net/JMSSink.class\n```\n- Restrict access for the OS user on the platform running the application to prevent modifying the Log4j configuration by the attacker.", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink" }, { "cve": "CVE-2022-23305", "cwe": { "id": "CWE-89", "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)" }, "discovery_date": "2022-01-18T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2041959" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Java logging library Apache Log4j in version 1.x. JDBCAppender in Log4j 1.x is vulnerable to SQL injection in untrusted data. This allows a remote attacker to run SQL statements in the database if the deployed application is configured to use JDBCAppender with certain interpolation tokens.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender", "title": "Vulnerability summary" }, { "category": "other", "text": "Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default.\n\nRed Hat Satellite bundles log4j-over-slf4j with Candlepin, however, product is not affected as it uses logback framework for logging.\n\nRed Hat Virtualization and OpenShift Container Platform in the OCP Metering stack (the Hive/Presto/Hadoop components) ship a vulnerable version of the log4j package, however JDBCAppender is not used. Therefore the impact of this vulnerability for these products is rated Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.src" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23305" }, { "category": "external", "summary": "RHBZ#2041959", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041959" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23305", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23305" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23305", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23305" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2022/01/18/4", "url": "https://www.openwall.com/lists/oss-security/2022/01/18/4" } ], "release_date": "2022-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-11T12:59:41+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1296" }, { "category": "workaround", "details": "These are the possible mitigations for this flaw for releases version 1.x:\n\n- Comment out or remove JDBCAppender in the Log4j configuration if it is used\n- Remove the JDBCAppender class from the server\u0027s jar files. For example:\n```\nzip -q -d log4j-*.jar org/apache/log4j/jdbc/JDBCAppender.class\n```", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender" }, { "cve": "CVE-2022-23307", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-18T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2041967" } ], "notes": [ { "category": "description", "text": "A flaw was found in the log4j 1.x chainsaw component, where the contents of certain log entries are deserialized and possibly permit code execution. This flaw allows an attacker to send a malicious request with serialized data to the server to be deserialized when the chainsaw component is run.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j: Unsafe deserialization flaw in Chainsaw log viewer", "title": "Vulnerability summary" }, { "category": "other", "text": "Chainsaw is a standalone graphical user interface for viewing log entries in log4j. This flaw may be bypassed by using other available means to access log entries.\n\nRed Hat Satellite bundles log4j-over-slf4j with Candlepin, however, product is not affected as it uses logback framework for logging.\n\nRed Hat Virtualization ships a vulnerable version of the log4j package, however chainsaw is not part of typical use cases. An attacker looking to exploit this would need to not only be able to generate a malicious log entry, but also have the necessary access and permissions to start chainsaw on the engine node. Therefore the impact of this vulnerability for Red Hat Virtualization is rated Low.\n\nSimilar to Red Hat Virtualization in OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of log4j package, however vulnerable chainsaw component is not used by default. Therefore the impact to OCP is reduced to Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.src" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23307" }, { "category": "external", "summary": "RHBZ#2041967", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041967" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23307", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23307" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23307", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23307" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2022/01/18/5", "url": "https://www.openwall.com/lists/oss-security/2022/01/18/5" } ], "release_date": "2022-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-11T12:59:41+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1296" }, { "category": "workaround", "details": "These are the mitigations available for this flaw for log4j 1.x:\n- Avoid using Chainsaw to view logs, and instead use some other utility, especially if there is a log view available within the product itself.\n- Remove the Chainsaw classes from the log4j jar files. For example:\n```\nzip -q -d log4j-*.jar org/apache/log4j/chainsaw/*\n```\n(log4j jars may be nested in zip archives within product)", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "log4j: Unsafe deserialization flaw in Chainsaw log viewer" } ] }
wid-sec-w-2024-0064
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "JUNOS ist das \"Juniper Network Operating System\", das in Juniper Appliances verwendet wird.\r\nSRX Series Services Gateways ist ein Next-Generation Anti-Threat Firewall von Juniper.\r\nBei den Switches der Juniper EX-Serie handelt es sich um Access- und Aggregations-/Core-Layer-Switches.\r\nDie Switches der QFX-Serie von Juniper sichern und automatisieren Netzwerke in Rechenzentren. \r\nDie Juniper MX-Serie ist eine Produktfamilie von Routern.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter, lokaler oder physischer Angreifer kann mehrere Schwachstellen in Juniper JUNOS, Juniper JUNOS Evolved, Juniper SRX Series, Juniper EX Series, Juniper QFX Series, Juniper ACX Series, Juniper PTX Series und Juniper MX Series ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und seine Berechtigungen zu erweitern.", "title": "Angriff" }, { "category": "general", "text": "- BIOS/Firmware\n- Appliance", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-0064 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0064.json" }, { "category": "self", "summary": "WID-SEC-2024-0064 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0064" }, { "category": "external", "summary": "Juniper Security Advisory JSA11272 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA11272" }, { "category": "external", "summary": "Juniper Security Advisory JSA75233 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75233" }, { "category": "external", "summary": "Juniper Security Advisory JSA75721 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75721" }, { "category": "external", "summary": "Juniper Security Advisory JSA75723 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75723" }, { "category": "external", "summary": "Juniper Security Advisory JSA75725 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75725" }, { "category": "external", "summary": "Juniper Security Advisory JSA75727 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75727" }, { "category": "external", "summary": "Juniper Security Advisory JSA75729 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75729" }, { "category": "external", "summary": "Juniper Security Advisory JSA75730 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75730" }, { "category": "external", "summary": "Juniper Security Advisory JSA75733 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75733" }, { "category": "external", "summary": "Juniper Security Advisory JSA75734 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75734" }, { "category": "external", "summary": "Juniper Security Advisory JSA75735 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75735" }, { "category": "external", "summary": "Juniper Security Advisory JSA75736 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75736" }, { "category": "external", "summary": "Juniper Security Advisory JSA75737 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75737" }, { "category": "external", "summary": "Juniper Security Advisory JSA75738 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75738" }, { "category": "external", "summary": "Juniper Security Advisory JSA75740 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75740" }, { "category": "external", "summary": "Juniper Security Advisory JSA75741 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75741" }, { "category": "external", "summary": "Juniper Security Advisory JSA75742 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75742" }, { "category": "external", "summary": "Juniper Security Advisory JSA75743 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75743" }, { "category": "external", "summary": "Juniper Security Advisory JSA75744 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75744" }, { "category": "external", "summary": "Juniper Security Advisory JSA75745 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75745" }, { "category": "external", "summary": "Juniper Security Advisory JSA75747 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75747" }, { "category": "external", "summary": "Juniper Security Advisory JSA75748 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75748" }, { "category": "external", "summary": "Juniper Security Advisory JSA75752 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75752" }, { "category": "external", "summary": "Juniper Security Advisory JSA75753 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75753" }, { "category": "external", "summary": "Juniper Security Advisory JSA75754 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75754" }, { "category": "external", "summary": "Juniper Security Advisory JSA75755 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75755" }, { "category": "external", "summary": "Juniper Security Advisory JSA75757 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75757" }, { "category": "external", "summary": "Juniper Security Advisory JSA75758 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75758" } ], "source_lang": "en-US", "title": "Juniper Produkte: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-01-10T23:00:00.000+00:00", "generator": { "date": "2024-02-15T17:56:09.941+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2024-0064", "initial_release_date": "2024-01-10T23:00:00.000+00:00", "revision_history": [ { "date": "2024-01-10T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Juniper EX Series", "product": { "name": "Juniper EX Series", "product_id": "T019811", "product_identification_helper": { "cpe": "cpe:/h:juniper:ex:-" } } }, { "category": "product_name", "name": "Juniper EX Series 4600", "product": { "name": "Juniper EX Series 4600", "product_id": "T021598", "product_identification_helper": { "cpe": "cpe:/h:juniper:ex:ex4600" } } }, { "category": "product_name", "name": "Juniper EX Series 4100", "product": { "name": "Juniper EX Series 4100", "product_id": "T030475", "product_identification_helper": { "cpe": "cpe:/h:juniper:ex:4100" } } }, { "category": "product_name", "name": "Juniper EX Series 4400", "product": { "name": "Juniper EX Series 4400", "product_id": "T030476", "product_identification_helper": { "cpe": "cpe:/h:juniper:ex:4400" } } }, { "category": "product_name", "name": "Juniper EX Series EX9200", "product": { "name": "Juniper EX Series EX9200", "product_id": "T031997", "product_identification_helper": { "cpe": "cpe:/h:juniper:ex:ex9200" } } } ], "category": "product_name", "name": "EX Series" }, { "branches": [ { "category": "product_name", "name": "Juniper JUNOS Evolved", "product": { "name": "Juniper JUNOS Evolved", "product_id": "T018886", "product_identification_helper": { "cpe": "cpe:/o:juniper:junos:evolved" } } }, { "category": "product_name", "name": "Juniper JUNOS PTX Series", "product": { "name": "Juniper JUNOS PTX Series", "product_id": "T023853", "product_identification_helper": { "cpe": "cpe:/o:juniper:junos:ptx_series" } } }, { "category": "product_name", "name": "Juniper JUNOS", "product": { "name": "Juniper JUNOS", "product_id": "T030471", "product_identification_helper": { "cpe": "cpe:/o:juniper:junos:-" } } }, { "category": "product_name", "name": "Juniper JUNOS ACX7024", "product": { "name": "Juniper JUNOS ACX7024", "product_id": "T031994", "product_identification_helper": { "cpe": "cpe:/o:juniper:junos:acx7024" } } }, { "category": "product_name", "name": "Juniper JUNOS ACX7100-32C", "product": { "name": "Juniper JUNOS ACX7100-32C", "product_id": "T031995", "product_identification_helper": { "cpe": "cpe:/o:juniper:junos:acx7100-32c" } } }, { "category": "product_name", "name": "Juniper JUNOS ACX7100-48L", "product": { "name": "Juniper JUNOS ACX7100-48L", "product_id": "T031996", "product_identification_helper": { "cpe": "cpe:/o:juniper:junos:acx7100-48l" } } } ], "category": "product_name", "name": "JUNOS" }, { "category": "product_name", "name": "Juniper MX Series", "product": { "name": "Juniper MX Series", "product_id": "918766", "product_identification_helper": { "cpe": "cpe:/h:juniper:mx:-" } } }, { "category": "product_name", "name": "Juniper QFX Series 5000", "product": { "name": "Juniper QFX Series 5000", "product_id": "T021597", "product_identification_helper": { "cpe": "cpe:/h:juniper:qfx:qfx5000" } } }, { "category": "product_name", "name": "Juniper SRX Series", "product": { "name": "Juniper SRX Series", "product_id": "T021593", "product_identification_helper": { "cpe": "cpe:/h:juniper:srx_service_gateways:-" } } } ], "category": "vendor", "name": "Juniper" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-2964", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-2964" }, { "cve": "CVE-2022-2873", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-2873" }, { "cve": "CVE-2022-2795", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-2795" }, { "cve": "CVE-2022-2663", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-2663" }, { "cve": "CVE-2022-25265", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-25265" }, { "cve": "CVE-2022-23307", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-23307" }, { "cve": "CVE-2022-23305", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-23305" }, { "cve": "CVE-2022-23302", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-23302" }, { "cve": "CVE-2022-22942", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-22942" }, { "cve": "CVE-2022-2196", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-2196" }, { "cve": "CVE-2022-21699", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-21699" }, { "cve": "CVE-2022-20141", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-20141" }, { "cve": "CVE-2022-1789", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-1789" }, { "cve": "CVE-2022-1679", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-1679" }, { "cve": "CVE-2022-1462", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-1462" }, { "cve": "CVE-2022-0934", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-0934" }, { "cve": "CVE-2022-0330", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-0330" }, { "cve": "CVE-2021-44832", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2021-44832" }, { "cve": "CVE-2021-44790", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2021-44790" }, { "cve": "CVE-2021-44228", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2021-44228" }, { "cve": "CVE-2021-4155", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2021-4155" }, { "cve": "CVE-2021-39275", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2021-39275" }, { "cve": "CVE-2021-3752", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2021-3752" }, { "cve": "CVE-2021-3621", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2021-3621" }, { "cve": "CVE-2021-3573", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2021-3573" }, { "cve": "CVE-2021-3564", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2021-3564" }, { "cve": "CVE-2021-34798", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2021-34798" }, { "cve": "CVE-2021-33656", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2021-33656" }, { "cve": "CVE-2021-33655", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2021-33655" }, { "cve": "CVE-2021-26691", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2021-26691" }, { "cve": "CVE-2021-26341", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2021-26341" }, { "cve": "CVE-2021-25220", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2021-25220" }, { "cve": "CVE-2021-0920", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2021-0920" }, { "cve": "CVE-2020-9493", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2020-9493" }, { "cve": "CVE-2020-12321", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2020-12321" }, { "cve": "CVE-2020-0466", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2020-0466" }, { "cve": "CVE-2020-0465", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2020-0465" }, { "cve": "CVE-2019-17571", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2019-17571" }, { "cve": "CVE-2016-2183", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2016-2183" }, { "cve": "CVE-2024-21617", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2024-21617" }, { "cve": "CVE-2024-21616", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2024-21616" }, { "cve": "CVE-2024-21614", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2024-21614" }, { "cve": "CVE-2024-21613", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2024-21613" }, { "cve": "CVE-2024-21612", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2024-21612" }, { "cve": "CVE-2024-21611", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2024-21611" }, { "cve": "CVE-2024-21607", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2024-21607" }, { "cve": "CVE-2024-21606", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2024-21606" }, { "cve": "CVE-2024-21604", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2024-21604" }, { "cve": "CVE-2024-21603", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2024-21603" }, { "cve": "CVE-2024-21602", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2024-21602" }, { "cve": "CVE-2024-21601", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2024-21601" }, { "cve": "CVE-2024-21600", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2024-21600" }, { "cve": "CVE-2024-21599", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2024-21599" }, { "cve": "CVE-2024-21597", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2024-21597" }, { "cve": "CVE-2024-21596", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2024-21596" }, { "cve": "CVE-2024-21595", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2024-21595" }, { "cve": "CVE-2024-21594", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2024-21594" }, { "cve": "CVE-2024-21591", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2024-21591" }, { "cve": "CVE-2024-21589", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2024-21589" }, { "cve": "CVE-2024-21587", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2024-21587" }, { "cve": "CVE-2024-21585", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2024-21585" }, { "cve": "CVE-2023-38802", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-38802" }, { "cve": "CVE-2023-38408", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-38408" }, { "cve": "CVE-2023-3817", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-3817" }, { "cve": "CVE-2023-36842", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-36842" }, { "cve": "CVE-2023-3446", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-3446" }, { "cve": "CVE-2023-3341", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-3341" }, { "cve": "CVE-2023-32360", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-32360" }, { "cve": "CVE-2023-32067", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-32067" }, { "cve": "CVE-2023-2828", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-2828" }, { "cve": "CVE-2023-2650", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-2650" }, { "cve": "CVE-2023-26464", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-26464" }, { "cve": "CVE-2023-24329", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-24329" }, { "cve": "CVE-2023-23920", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-23920" }, { "cve": "CVE-2023-23918", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-23918" }, { "cve": "CVE-2023-23454", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-23454" }, { "cve": "CVE-2023-22809", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-22809" }, { "cve": "CVE-2023-2235", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-2235" }, { "cve": "CVE-2023-22081", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-22081" }, { "cve": "CVE-2023-22049", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-22049" }, { "cve": "CVE-2023-22045", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-22045" }, { "cve": "CVE-2023-21968", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-21968" }, { "cve": "CVE-2023-21967", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-21967" }, { "cve": "CVE-2023-21954", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-21954" }, { "cve": "CVE-2023-2194", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-2194" }, { "cve": "CVE-2023-21939", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-21939" }, { "cve": "CVE-2023-21938", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-21938" }, { "cve": "CVE-2023-21937", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-21937" }, { "cve": "CVE-2023-21930", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-21930" }, { "cve": "CVE-2023-21843", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-21843" }, { "cve": "CVE-2023-21830", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-21830" }, { "cve": "CVE-2023-2124", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-2124" }, { "cve": "CVE-2023-20593", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-20593" }, { "cve": "CVE-2023-20569", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-20569" }, { "cve": "CVE-2023-1829", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-1829" }, { "cve": "CVE-2023-1582", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-1582" }, { "cve": "CVE-2023-1281", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-1281" }, { "cve": "CVE-2023-1195", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-1195" }, { "cve": "CVE-2023-0767", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-0767" }, { "cve": "CVE-2023-0461", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-0461" }, { "cve": "CVE-2023-0394", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-0394" }, { "cve": "CVE-2023-0386", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-0386" }, { "cve": "CVE-2023-0286", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-0286" }, { "cve": "CVE-2023-0266", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-0266" }, { "cve": "CVE-2022-47929", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-47929" }, { "cve": "CVE-2022-43945", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-43945" }, { "cve": "CVE-2022-4378", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-4378" }, { "cve": "CVE-2022-43750", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-43750" }, { "cve": "CVE-2022-42896", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-42896" }, { "cve": "CVE-2022-42722", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-42722" }, { "cve": "CVE-2022-42721", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-42721" }, { "cve": "CVE-2022-42720", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-42720" }, { "cve": "CVE-2022-42703", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-42703" }, { "cve": "CVE-2022-4269", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-4269" }, { "cve": "CVE-2022-4254", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-4254" }, { "cve": "CVE-2022-41974", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-41974" }, { "cve": "CVE-2022-41674", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-41674" }, { "cve": "CVE-2022-4139", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-4139" }, { "cve": "CVE-2022-4129", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-4129" }, { "cve": "CVE-2022-41222", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-41222" }, { "cve": "CVE-2022-41218", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-41218" }, { "cve": "CVE-2022-39189", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-39189" }, { "cve": "CVE-2022-39188", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-39188" }, { "cve": "CVE-2022-38023", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-38023" }, { "cve": "CVE-2022-37434", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-37434" }, { "cve": "CVE-2022-3707", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-3707" }, { "cve": "CVE-2022-3628", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-3628" }, { "cve": "CVE-2022-3625", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-3625" }, { "cve": "CVE-2022-3623", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-3623" }, { "cve": "CVE-2022-3619", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-3619" }, { "cve": "CVE-2022-3567", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-3567" }, { "cve": "CVE-2022-3566", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-3566" }, { "cve": "CVE-2022-3564", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-3564" }, { "cve": "CVE-2022-3524", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-3524" }, { "cve": "CVE-2022-3239", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-3239" }, { "cve": "CVE-2022-30594", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-30594" }, { "cve": "CVE-2022-3028", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-3028" } ] }
wid-sec-w-2023-1031
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Oracle Retail Applications ist eine Sammlung von Produkten zur Unterst\u00fctzung u. a. von Handelsfirmen und der Gastronomie.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Retail Applications ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.", "title": "Angriff" }, { "category": "general", "text": "- UNIX\n- Linux\n- Windows\n- Sonstiges", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-1031 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1031.json" }, { "category": "self", "summary": "WID-SEC-2023-1031 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1031" }, { "category": "external", "summary": "Oracle Critical Patch Update Advisory - April 2023 - Appendix Oracle Retail Applications vom 2023-04-18", "url": "https://www.oracle.com/security-alerts/cpuapr2023.html#AppendixRAPP" } ], "source_lang": "en-US", "title": "Oracle Retail Applications: Mehrere Schwachstellen", "tracking": { "current_release_date": "2023-04-18T22:00:00.000+00:00", "generator": { "date": "2024-02-15T17:24:57.395+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2023-1031", "initial_release_date": "2023-04-18T22:00:00.000+00:00", "revision_history": [ { "date": "2023-04-18T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Oracle Retail Applications 16.0.3", "product": { "name": "Oracle Retail Applications 16.0.3", "product_id": "T019034", "product_identification_helper": { "cpe": "cpe:/a:oracle:retail_applications:16.0.3" } } }, { "category": "product_name", "name": "Oracle Retail Applications 15.0.3.1", "product": { "name": "Oracle Retail Applications 15.0.3.1", "product_id": "T019909", "product_identification_helper": { "cpe": "cpe:/a:oracle:retail_applications:15.0.3.1" } } }, { "category": "product_name", "name": "Oracle Retail Applications 14.1.3.2", "product": { "name": "Oracle Retail Applications 14.1.3.2", "product_id": "T019910", "product_identification_helper": { "cpe": "cpe:/a:oracle:retail_applications:14.1.3.2" } } }, { "category": "product_name", "name": "Oracle Retail Applications 15.0.3", "product": { "name": "Oracle Retail Applications 15.0.3", "product_id": "T020721", "product_identification_helper": { "cpe": "cpe:/a:oracle:retail_applications:15.0.3" } } }, { "category": "product_name", "name": "Oracle Retail Applications 14.2", "product": { "name": "Oracle Retail Applications 14.2", "product_id": "T021712", "product_identification_helper": { "cpe": "cpe:/a:oracle:retail_applications:14.2" } } }, { "category": "product_name", "name": "Oracle Retail Applications 16.0.2", "product": { "name": "Oracle Retail Applications 16.0.2", "product_id": "T022879", "product_identification_helper": { "cpe": "cpe:/a:oracle:retail_applications:16.0.2" } } }, { "category": "product_name", "name": "Oracle Retail Applications 19.0.0.6", "product": { "name": "Oracle Retail Applications 19.0.0.6", "product_id": "T027397", "product_identification_helper": { "cpe": "cpe:/a:oracle:retail_applications:19.0.0.6" } } }, { "category": "product_name", "name": "Oracle Retail Applications 18.0.5", "product": { "name": "Oracle Retail Applications 18.0.5", "product_id": "T027398", "product_identification_helper": { "cpe": "cpe:/a:oracle:retail_applications:18.0.5" } } }, { "category": "product_name", "name": "Oracle Retail Applications 19.0.4", "product": { "name": "Oracle Retail Applications 19.0.4", "product_id": "T027399", "product_identification_helper": { "cpe": "cpe:/a:oracle:retail_applications:19.0.4" } } }, { "category": "product_name", "name": "Oracle Retail Applications 20.0.3", "product": { "name": "Oracle Retail Applications 20.0.3", "product_id": "T027400", "product_identification_helper": { "cpe": "cpe:/a:oracle:retail_applications:20.0.3" } } }, { "category": "product_name", "name": "Oracle Retail Applications 21.0.2", "product": { "name": "Oracle Retail Applications 21.0.2", "product_id": "T027401", "product_identification_helper": { "cpe": "cpe:/a:oracle:retail_applications:21.0.2" } } }, { "category": "product_name", "name": "Oracle Retail Applications 18.0.0.12", "product": { "name": "Oracle Retail Applications 18.0.0.12", "product_id": "T027402", "product_identification_helper": { "cpe": "cpe:/a:oracle:retail_applications:18.0.0.12" } } }, { "category": "product_name", "name": "Oracle Retail Applications 17.0.6", "product": { "name": "Oracle Retail Applications 17.0.6", "product_id": "T027403", "product_identification_helper": { "cpe": "cpe:/a:oracle:retail_applications:17.0.6" } } } ], "category": "product_name", "name": "Retail Applications" } ], "category": "vendor", "name": "Oracle" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-45047", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T019034", "T022879", "T019910", "T021712", "T020721", "T027403", "T027401", "T027402", "T027399", "T027400", "T027397", "T019909", "T027398" ] }, "release_date": "2023-04-18T22:00:00Z", "title": "CVE-2022-45047" }, { "cve": "CVE-2022-42889", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T019034", "T022879", "T019910", "T021712", "T020721", "T027403", "T027401", "T027402", "T027399", "T027400", "T027397", "T019909", "T027398" ] }, "release_date": "2023-04-18T22:00:00Z", "title": "CVE-2022-42889" }, { "cve": "CVE-2022-42003", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T019034", "T022879", "T019910", "T021712", "T020721", "T027403", "T027401", "T027402", "T027399", "T027400", "T027397", "T019909", "T027398" ] }, "release_date": "2023-04-18T22:00:00Z", "title": "CVE-2022-42003" }, { "cve": "CVE-2022-41966", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T019034", "T022879", "T019910", "T021712", "T020721", "T027403", "T027401", "T027402", "T027399", "T027400", "T027397", "T019909", "T027398" ] }, "release_date": "2023-04-18T22:00:00Z", "title": "CVE-2022-41966" }, { "cve": "CVE-2022-37434", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T019034", "T022879", "T019910", "T021712", "T020721", "T027403", "T027401", "T027402", "T027399", "T027400", "T027397", "T019909", "T027398" ] }, "release_date": "2023-04-18T22:00:00Z", "title": "CVE-2022-37434" }, { "cve": "CVE-2022-36033", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T019034", "T022879", "T019910", "T021712", "T020721", "T027403", "T027401", "T027402", "T027399", "T027400", "T027397", "T019909", "T027398" ] }, "release_date": "2023-04-18T22:00:00Z", "title": "CVE-2022-36033" }, { "cve": "CVE-2022-33980", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T019034", "T022879", "T019910", "T021712", "T020721", "T027403", "T027401", "T027402", "T027399", "T027400", "T027397", "T019909", "T027398" ] }, "release_date": "2023-04-18T22:00:00Z", "title": "CVE-2022-33980" }, { "cve": "CVE-2022-3171", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T019034", "T022879", "T019910", "T021712", "T020721", "T027403", "T027401", "T027402", "T027399", "T027400", "T027397", "T019909", "T027398" ] }, "release_date": "2023-04-18T22:00:00Z", "title": "CVE-2022-3171" }, { "cve": "CVE-2022-23437", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T019034", "T022879", "T019910", "T021712", "T020721", "T027403", "T027401", "T027402", "T027399", "T027400", "T027397", "T019909", "T027398" ] }, "release_date": "2023-04-18T22:00:00Z", "title": "CVE-2022-23437" }, { "cve": "CVE-2022-23181", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T019034", "T022879", "T019910", "T021712", "T020721", "T027403", "T027401", "T027402", "T027399", "T027400", "T027397", "T019909", "T027398" ] }, "release_date": "2023-04-18T22:00:00Z", "title": "CVE-2022-23181" }, { "cve": "CVE-2022-22971", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T019034", "T022879", "T019910", "T021712", "T020721", "T027403", "T027401", "T027402", "T027399", "T027400", "T027397", "T019909", "T027398" ] }, "release_date": "2023-04-18T22:00:00Z", "title": "CVE-2022-22971" }, { "cve": "CVE-2021-44832", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T019034", "T022879", "T019910", "T021712", "T020721", "T027403", "T027401", "T027402", "T027399", "T027400", "T027397", "T019909", "T027398" ] }, "release_date": "2023-04-18T22:00:00Z", "title": "CVE-2021-44832" }, { "cve": "CVE-2020-35168", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T019034", "T022879", "T019910", "T021712", "T020721", "T027403", "T027401", "T027402", "T027399", "T027400", "T027397", "T019909", "T027398" ] }, "release_date": "2023-04-18T22:00:00Z", "title": "CVE-2020-35168" } ] }
wid-sec-w-2022-0169
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "MySQL ist ein Open Source Datenbankserver von Oracle.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle MySQL ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.", "title": "Angriff" }, { "category": "general", "text": "- Linux\n- MacOS X\n- NetApp Appliance\n- UNIX\n- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2022-0169 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0169.json" }, { "category": "self", "summary": "WID-SEC-2022-0169 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0169" }, { "category": "external", "summary": "Ubuntu Security Notice USN-5490-1 vom 2022-06-21", "url": "https://ubuntu.com/security/notices/USN-5490-1" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2022:2003-1 vom 2022-06-07", "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-June/011247.html" }, { "category": "external", "summary": "Oracle Critical Patch Update April 2022 - Appendix Oracle MySQL vom 2022-04-19", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html#AppendixMSQL" }, { "category": "external", "summary": "NetApp Security Advisory NTAP-20220429-0005 vom 2022-04-29", "url": "https://security.netapp.com/advisory/ntap-20220429-0005/" }, { "category": "external", "summary": "Ubuntu Security Notice USN-5400-1 vom 2022-05-03", "url": "https://ubuntu.com/security/notices/USN-5400-1" }, { "category": "external", "summary": "Ubuntu Security Notice USN-5400-2 vom 2022-05-04", "url": "https://ubuntu.com/security/notices/USN-5400-2" }, { "category": "external", "summary": "Ubuntu Security Notice USN-5400-3 vom 2022-05-05", "url": "https://ubuntu.com/security/notices/USN-5400-3" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS-2022-098 vom 2022-07-21", "url": "https://alas.aws.amazon.com/AL2022/ALAS-2022-098.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:6306 vom 2022-09-01", "url": "https://access.redhat.com/errata/RHSA-2022:6306" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:6518 vom 2022-09-14", "url": "https://access.redhat.com/errata/RHSA-2022:6518" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:6590 vom 2022-09-21", "url": "https://access.redhat.com/errata/RHSA-2022:6590" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2022-6590 vom 2022-09-22", "url": "https://linux.oracle.com/errata/ELSA-2022-6590.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2022:1040-3 vom 2022-10-06", "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-October/012505.html" }, { "category": "external", "summary": "Juniper Security Bulletin", "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-22-2R1-release" }, { "category": "external", "summary": "Oracle Linux Bulletin-October 2022 vom 2022-10-18", "url": "https://www.oracle.com/security-alerts/linuxbulletinoct2022.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:7119 vom 2022-10-25", "url": "https://access.redhat.com/errata/RHSA-2022:7119" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2022-7119 vom 2022-10-27", "url": "https://linux.oracle.com/errata/ELSA-2022-7119.html" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS-2022-165 vom 2022-11-04", "url": "https://alas.aws.amazon.com/AL2022/ALAS-2022-165.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:7464 vom 2022-11-08", "url": "https://access.redhat.com/errata/RHSA-2022:7464" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:7970 vom 2022-11-15", "url": "https://access.redhat.com/errata/RHSA-2022:7970" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2022-7970 vom 2022-11-22", "url": "https://linux.oracle.com/errata/ELSA-2022-7970.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:8860 vom 2022-12-08", "url": "https://access.redhat.com/errata/RHSA-2022:8860" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:8847 vom 2022-12-08", "url": "https://access.redhat.com/errata/RHSA-2022:8847" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:8893 vom 2022-12-15", "url": "https://access.redhat.com/errata/RHSA-2022:8893" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS-2023-1931 vom 2023-02-06", "url": "https://alas.aws.amazon.com/AL2/ALAS-2023-1931.html" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS-2023-1676 vom 2023-02-06", "url": "https://alas.aws.amazon.com/ALAS-2023-1676.html" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS2-2023-1948 vom 2023-02-22", "url": "https://alas.aws.amazon.com/AL2/ALAS-2023-1948.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:3433 vom 2024-05-28", "url": "https://access.redhat.com/errata/RHSA-2024:3433" } ], "source_lang": "en-US", "title": "Oracle MySQL: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-05-28T22:00:00.000+00:00", "generator": { "date": "2024-05-29T08:08:02.957+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2022-0169", "initial_release_date": "2022-04-19T22:00:00.000+00:00", "revision_history": [ { "date": "2022-04-19T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2022-05-01T22:00:00.000+00:00", "number": "2", "summary": "Neue Updates von NetApp aufgenommen" }, { "date": "2022-05-03T22:00:00.000+00:00", "number": "3", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2022-05-04T22:00:00.000+00:00", "number": "4", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2022-05-05T22:00:00.000+00:00", "number": "5", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2022-06-07T22:00:00.000+00:00", "number": "6", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2022-06-21T22:00:00.000+00:00", "number": "7", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2022-07-20T22:00:00.000+00:00", "number": "8", "summary": "Neue Updates von Amazon aufgenommen" }, { "date": "2022-09-01T22:00:00.000+00:00", "number": "9", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-09-14T22:00:00.000+00:00", "number": "10", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-09-20T22:00:00.000+00:00", "number": "11", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-09-21T22:00:00.000+00:00", "number": "12", "summary": "Neue Updates von Oracle Linux aufgenommen" }, { "date": "2022-10-06T22:00:00.000+00:00", "number": "13", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2022-10-12T22:00:00.000+00:00", "number": "14", "summary": "Neue Updates aufgenommen" }, { "date": "2022-10-18T22:00:00.000+00:00", "number": "15", "summary": "Neue Updates aufgenommen" }, { "date": "2022-10-25T22:00:00.000+00:00", "number": "16", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-10-26T22:00:00.000+00:00", "number": "17", "summary": "Neue Updates von Oracle Linux aufgenommen" }, { "date": "2022-11-06T23:00:00.000+00:00", "number": "18", "summary": "Neue Updates von Amazon aufgenommen" }, { "date": "2022-11-08T23:00:00.000+00:00", "number": "19", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-11-15T23:00:00.000+00:00", "number": "20", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-11-21T23:00:00.000+00:00", "number": "21", "summary": "Neue Updates von Oracle Linux aufgenommen" }, { "date": "2022-12-07T23:00:00.000+00:00", "number": "22", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-12-15T23:00:00.000+00:00", "number": "23", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-02-06T23:00:00.000+00:00", "number": "24", "summary": "Neue Updates von Amazon aufgenommen" }, { "date": "2023-02-22T23:00:00.000+00:00", "number": "25", "summary": "Neue Updates von Amazon aufgenommen" }, { "date": "2024-05-28T22:00:00.000+00:00", "number": "26", "summary": "Neue Updates von Red Hat aufgenommen" } ], "status": "final", "version": "26" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Amazon Linux 2", "product": { "name": "Amazon Linux 2", "product_id": "398363", "product_identification_helper": { "cpe": "cpe:/o:amazon:linux_2:-" } } } ], "category": "vendor", "name": "Amazon" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003c22.2R1", "product": { "name": "Juniper Junos Space \u003c22.2R1", "product_id": "T003343", "product_identification_helper": { "cpe": "cpe:/a:juniper:junos_space:-" } } } ], "category": "product_name", "name": "Junos Space" } ], "category": "vendor", "name": "Juniper" }, { "branches": [ { "category": "product_name", "name": "NetApp ActiveIQ Unified Manager", "product": { "name": "NetApp ActiveIQ Unified Manager", "product_id": "T016960", "product_identification_helper": { "cpe": "cpe:/a:netapp:active_iq_unified_manager:-" } } } ], "category": "vendor", "name": "NetApp" }, { "branches": [ { "category": "product_name", "name": "Oracle Linux", "product": { "name": "Oracle Linux", "product_id": "T004914", "product_identification_helper": { "cpe": "cpe:/o:oracle:linux:-" } } }, { "branches": [ { "category": "product_version_range", "name": "\u003c=8.0.29", "product": { "name": "Oracle MySQL \u003c=8.0.29", "product_id": "T022871", "product_identification_helper": { "cpe": "cpe:/a:oracle:mysql:8.0.29" } } }, { "category": "product_version_range", "name": "\u003c=8.0.28", "product": { "name": "Oracle MySQL \u003c=8.0.28", "product_id": "T022872", "product_identification_helper": { "cpe": "cpe:/a:oracle:mysql:8.0.28" } } }, { "category": "product_version_range", "name": "\u003c=5.7.37", "product": { "name": "Oracle MySQL \u003c=5.7.37", "product_id": "T022873", "product_identification_helper": { "cpe": "cpe:/a:oracle:mysql:5.7.37" } } }, { "category": "product_version_range", "name": "\u003c=7.4.35", "product": { "name": "Oracle MySQL \u003c=7.4.35", "product_id": "T022874", "product_identification_helper": { "cpe": "cpe:/a:oracle:mysql:7.4.35" } } }, { "category": "product_version_range", "name": "\u003c=7.5.25", "product": { "name": "Oracle MySQL \u003c=7.5.25", "product_id": "T022875", "product_identification_helper": { "cpe": "cpe:/a:oracle:mysql:7.5.25" } } }, { "category": "product_version_range", "name": "\u003c=7.6.21", "product": { "name": "Oracle MySQL \u003c=7.6.21", "product_id": "T022876", "product_identification_helper": { "cpe": "cpe:/a:oracle:mysql:7.6.21" } } } ], "category": "product_name", "name": "MySQL" } ], "category": "vendor", "name": "Oracle" }, { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } }, { "category": "product_name", "name": "Red Hat OpenShift", "product": { "name": "Red Hat OpenShift", "product_id": "367115", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:-" } } } ], "category": "vendor", "name": "Red Hat" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux", "product": { "name": "SUSE Linux", "product_id": "T002207", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_linux:-" } } } ], "category": "vendor", "name": "SUSE" }, { "branches": [ { "category": "product_name", "name": "Ubuntu Linux", "product": { "name": "Ubuntu Linux", "product_id": "T000126", "product_identification_helper": { "cpe": "cpe:/o:canonical:ubuntu_linux:-" } } } ], "category": "vendor", "name": "Ubuntu" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-22570", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T003343", "T002207", "67646", "T000126", "367115", "398363", "T004914", "T016960" ], "last_affected": [ "T022873", "T022874", "T022875", "T022876", "T022871", "T022872" ] }, "release_date": "2022-04-19T22:00:00Z", "title": "CVE-2021-22570" }, { "cve": "CVE-2021-41184", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T003343", "T002207", "67646", "T000126", "367115", "398363", "T004914", "T016960" ], "last_affected": [ "T022873", "T022874", "T022875", "T022876", "T022871", "T022872" ] }, "release_date": "2022-04-19T22:00:00Z", "title": "CVE-2021-41184" }, { "cve": "CVE-2021-42340", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T003343", "T002207", "67646", "T000126", "367115", "398363", "T004914", "T016960" ], "last_affected": [ "T022873", "T022874", "T022875", "T022876", "T022871", "T022872" ] }, "release_date": "2022-04-19T22:00:00Z", "title": "CVE-2021-42340" }, { "cve": "CVE-2021-44832", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T003343", "T002207", "67646", "T000126", "367115", "398363", "T004914", "T016960" ], "last_affected": [ "T022873", "T022874", "T022875", "T022876", "T022871", "T022872" ] }, "release_date": "2022-04-19T22:00:00Z", "title": "CVE-2021-44832" }, { "cve": "CVE-2022-0778", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T003343", "T002207", "67646", "T000126", "367115", "398363", "T004914", "T016960" ], "last_affected": [ "T022873", "T022874", "T022875", "T022876", "T022871", "T022872" ] }, "release_date": "2022-04-19T22:00:00Z", "title": "CVE-2022-0778" }, { "cve": "CVE-2022-21412", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T003343", "T002207", "67646", "T000126", "367115", "398363", "T004914", "T016960" ], "last_affected": [ "T022873", "T022874", "T022875", "T022876", "T022871", "T022872" ] }, "release_date": "2022-04-19T22:00:00Z", "title": "CVE-2022-21412" }, { "cve": "CVE-2022-21413", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T003343", "T002207", "67646", "T000126", "367115", "398363", "T004914", "T016960" ], "last_affected": [ "T022873", "T022874", "T022875", "T022876", "T022871", "T022872" ] }, "release_date": "2022-04-19T22:00:00Z", "title": "CVE-2022-21413" }, { "cve": "CVE-2022-21414", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T003343", "T002207", "67646", "T000126", "367115", "398363", "T004914", "T016960" ], "last_affected": [ "T022873", "T022874", "T022875", "T022876", "T022871", "T022872" ] }, "release_date": "2022-04-19T22:00:00Z", "title": "CVE-2022-21414" }, { "cve": "CVE-2022-21415", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T003343", "T002207", "67646", "T000126", "367115", "398363", "T004914", "T016960" ], "last_affected": [ "T022873", "T022874", "T022875", "T022876", "T022871", "T022872" ] }, "release_date": "2022-04-19T22:00:00Z", "title": "CVE-2022-21415" }, { "cve": "CVE-2022-21417", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T003343", "T002207", "67646", "T000126", "367115", "398363", "T004914", "T016960" ], "last_affected": [ "T022873", "T022874", "T022875", "T022876", "T022871", "T022872" ] }, "release_date": "2022-04-19T22:00:00Z", "title": "CVE-2022-21417" }, { "cve": "CVE-2022-21418", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T003343", "T002207", "67646", "T000126", "367115", "398363", "T004914", "T016960" ], "last_affected": [ "T022873", "T022874", "T022875", "T022876", "T022871", "T022872" ] }, "release_date": "2022-04-19T22:00:00Z", "title": "CVE-2022-21418" }, { "cve": "CVE-2022-21423", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T003343", "T002207", "67646", "T000126", "367115", "398363", "T004914", "T016960" ], "last_affected": [ "T022873", "T022874", "T022875", "T022876", "T022871", "T022872" ] }, "release_date": "2022-04-19T22:00:00Z", "title": "CVE-2022-21423" }, { "cve": "CVE-2022-21425", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T003343", "T002207", "67646", "T000126", "367115", "398363", "T004914", "T016960" ], "last_affected": [ "T022873", "T022874", "T022875", "T022876", "T022871", "T022872" ] }, "release_date": "2022-04-19T22:00:00Z", "title": "CVE-2022-21425" }, { "cve": "CVE-2022-21427", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T003343", "T002207", "67646", "T000126", "367115", "398363", "T004914", "T016960" ], "last_affected": [ "T022873", "T022874", "T022875", "T022876", "T022871", "T022872" ] }, "release_date": "2022-04-19T22:00:00Z", "title": "CVE-2022-21427" }, { "cve": "CVE-2022-21435", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T003343", "T002207", "67646", "T000126", "367115", "398363", "T004914", "T016960" ], "last_affected": [ "T022873", "T022874", "T022875", "T022876", "T022871", "T022872" ] }, "release_date": "2022-04-19T22:00:00Z", "title": "CVE-2022-21435" }, { "cve": "CVE-2022-21436", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T003343", "T002207", "67646", "T000126", "367115", "398363", "T004914", "T016960" ], "last_affected": [ "T022873", "T022874", "T022875", "T022876", "T022871", "T022872" ] }, "release_date": "2022-04-19T22:00:00Z", "title": "CVE-2022-21436" }, { "cve": "CVE-2022-21437", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T003343", "T002207", "67646", "T000126", "367115", "398363", "T004914", "T016960" ], "last_affected": [ "T022873", "T022874", "T022875", "T022876", "T022871", "T022872" ] }, "release_date": "2022-04-19T22:00:00Z", "title": "CVE-2022-21437" }, { "cve": "CVE-2022-21438", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T003343", "T002207", "67646", "T000126", "367115", "398363", "T004914", "T016960" ], "last_affected": [ "T022873", "T022874", "T022875", "T022876", "T022871", "T022872" ] }, "release_date": "2022-04-19T22:00:00Z", "title": "CVE-2022-21438" }, { "cve": "CVE-2022-21440", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T003343", "T002207", "67646", "T000126", "367115", "398363", "T004914", "T016960" ], "last_affected": [ "T022873", "T022874", "T022875", "T022876", "T022871", "T022872" ] }, "release_date": "2022-04-19T22:00:00Z", "title": "CVE-2022-21440" }, { "cve": "CVE-2022-21444", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T003343", "T002207", "67646", "T000126", "367115", "398363", "T004914", "T016960" ], "last_affected": [ "T022873", "T022874", "T022875", "T022876", "T022871", "T022872" ] }, "release_date": "2022-04-19T22:00:00Z", "title": "CVE-2022-21444" }, { "cve": "CVE-2022-21451", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T003343", "T002207", "67646", "T000126", "367115", "398363", "T004914", "T016960" ], "last_affected": [ "T022873", "T022874", "T022875", "T022876", "T022871", "T022872" ] }, "release_date": "2022-04-19T22:00:00Z", "title": "CVE-2022-21451" }, { "cve": "CVE-2022-21452", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T003343", "T002207", "67646", "T000126", "367115", "398363", "T004914", "T016960" ], "last_affected": [ "T022873", "T022874", "T022875", "T022876", "T022871", "T022872" ] }, "release_date": "2022-04-19T22:00:00Z", "title": "CVE-2022-21452" }, { "cve": "CVE-2022-21454", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T003343", "T002207", "67646", "T000126", "367115", "398363", "T004914", "T016960" ], "last_affected": [ "T022873", "T022874", "T022875", "T022876", "T022871", "T022872" ] }, "release_date": "2022-04-19T22:00:00Z", "title": "CVE-2022-21454" }, { "cve": "CVE-2022-21457", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T003343", "T002207", "67646", "T000126", "367115", "398363", "T004914", "T016960" ], "last_affected": [ "T022873", "T022874", "T022875", "T022876", "T022871", "T022872" ] }, "release_date": "2022-04-19T22:00:00Z", "title": "CVE-2022-21457" }, { "cve": "CVE-2022-21459", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T003343", "T002207", "67646", "T000126", "367115", "398363", "T004914", "T016960" ], "last_affected": [ "T022873", "T022874", "T022875", "T022876", "T022871", "T022872" ] }, "release_date": "2022-04-19T22:00:00Z", "title": "CVE-2022-21459" }, { "cve": "CVE-2022-21460", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T003343", "T002207", "67646", "T000126", "367115", "398363", "T004914", "T016960" ], "last_affected": [ "T022873", "T022874", "T022875", "T022876", "T022871", "T022872" ] }, "release_date": "2022-04-19T22:00:00Z", "title": "CVE-2022-21460" }, { "cve": "CVE-2022-21462", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T003343", "T002207", "67646", "T000126", "367115", "398363", "T004914", "T016960" ], "last_affected": [ "T022873", "T022874", "T022875", "T022876", "T022871", "T022872" ] }, "release_date": "2022-04-19T22:00:00Z", "title": "CVE-2022-21462" }, { "cve": "CVE-2022-21478", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T003343", "T002207", "67646", "T000126", "367115", "398363", "T004914", "T016960" ], "last_affected": [ "T022873", "T022874", "T022875", "T022876", "T022871", "T022872" ] }, "release_date": "2022-04-19T22:00:00Z", "title": "CVE-2022-21478" }, { "cve": "CVE-2022-21479", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T003343", "T002207", "67646", "T000126", "367115", "398363", "T004914", "T016960" ], "last_affected": [ "T022873", "T022874", "T022875", "T022876", "T022871", "T022872" ] }, "release_date": "2022-04-19T22:00:00Z", "title": "CVE-2022-21479" }, { "cve": "CVE-2022-21482", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T003343", "T002207", "67646", "T000126", "367115", "398363", "T004914", "T016960" ], "last_affected": [ "T022873", "T022874", "T022875", "T022876", "T022871", "T022872" ] }, "release_date": "2022-04-19T22:00:00Z", "title": "CVE-2022-21482" }, { "cve": "CVE-2022-21483", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T003343", "T002207", "67646", "T000126", "367115", "398363", "T004914", "T016960" ], "last_affected": [ "T022873", "T022874", "T022875", "T022876", "T022871", "T022872" ] }, "release_date": "2022-04-19T22:00:00Z", "title": "CVE-2022-21483" }, { "cve": "CVE-2022-21484", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T003343", "T002207", "67646", "T000126", "367115", "398363", "T004914", "T016960" ], "last_affected": [ "T022873", "T022874", "T022875", "T022876", "T022871", "T022872" ] }, "release_date": "2022-04-19T22:00:00Z", "title": "CVE-2022-21484" }, { "cve": "CVE-2022-21485", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T003343", "T002207", "67646", "T000126", "367115", "398363", "T004914", "T016960" ], "last_affected": [ "T022873", "T022874", "T022875", "T022876", "T022871", "T022872" ] }, "release_date": "2022-04-19T22:00:00Z", "title": "CVE-2022-21485" }, { "cve": "CVE-2022-21486", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T003343", "T002207", "67646", "T000126", "367115", "398363", "T004914", "T016960" ], "last_affected": [ "T022873", "T022874", "T022875", "T022876", "T022871", "T022872" ] }, "release_date": "2022-04-19T22:00:00Z", "title": "CVE-2022-21486" }, { "cve": "CVE-2022-21489", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T003343", "T002207", "67646", "T000126", "367115", "398363", "T004914", "T016960" ], "last_affected": [ "T022873", "T022874", "T022875", "T022876", "T022871", "T022872" ] }, "release_date": "2022-04-19T22:00:00Z", "title": "CVE-2022-21489" }, { "cve": "CVE-2022-21490", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T003343", "T002207", "67646", "T000126", "367115", "398363", "T004914", "T016960" ], "last_affected": [ "T022873", "T022874", "T022875", "T022876", "T022871", "T022872" ] }, "release_date": "2022-04-19T22:00:00Z", "title": "CVE-2022-21490" }, { "cve": "CVE-2022-22965", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T003343", "T002207", "67646", "T000126", "367115", "398363", "T004914", "T016960" ], "last_affected": [ "T022873", "T022874", "T022875", "T022876", "T022871", "T022872" ] }, "release_date": "2022-04-19T22:00:00Z", "title": "CVE-2022-22965" }, { "cve": "CVE-2022-23181", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T003343", "T002207", "67646", "T000126", "367115", "398363", "T004914", "T016960" ], "last_affected": [ "T022873", "T022874", "T022875", "T022876", "T022871", "T022872" ] }, "release_date": "2022-04-19T22:00:00Z", "title": "CVE-2022-23181" }, { "cve": "CVE-2022-23305", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T003343", "T002207", "67646", "T000126", "367115", "398363", "T004914", "T016960" ], "last_affected": [ "T022873", "T022874", "T022875", "T022876", "T022871", "T022872" ] }, "release_date": "2022-04-19T22:00:00Z", "title": "CVE-2022-23305" } ] }
wid-sec-w-2022-0197
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Apache log4j ist ein Framework zum Loggen von Anwendungsmeldungen in Java.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Apache log4j ausnutzen, um beliebigen Programmcode auszuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- UNIX\n- Linux\n- Windows\n- CISCO Appliance\n- Sonstiges", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2022-0197 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2021/wid-sec-w-2022-0197.json" }, { "category": "self", "summary": "WID-SEC-2022-0197 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0197" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS-2022-225 vom 2022-12-09", "url": "https://alas.aws.amazon.com/AL2022/ALAS-2022-225.html" }, { "category": "external", "summary": "Apache Log4j 2 Website vom 2021-12-28", "url": "https://logging.apache.org/log4j/2.x/" }, { "category": "external", "summary": "Debian Security Advisory DLA-2870 vom 2021-12-30", "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00036.html" }, { "category": "external", "summary": "Apache Struts Announcement", "url": "https://struts.apache.org/announce-2022" }, { "category": "external", "summary": "IBM Security Bulletin 6538148 vom 2022-01-05", "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-apache-log4j-affect-ibm-websphere-application-server-cve-2021-45105-cve-2021-44832/" }, { "category": "external", "summary": "Cisco Security Advisory cisco-sa-apache-log4j-qRuKNEbd vom 2022-01-06", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd" }, { "category": "external", "summary": "JobScheduler Vulnerability Release 1.13.11 vom 2022-01-10", "url": "https://kb.sos-berlin.com/display/PKB/Vulnerability+Release+1.13.11" }, { "category": "external", "summary": "HPE Security Bulletin HPESBGN04215 rev.10 vom 2022-01-08", "url": "https://support.hpe.com/hpesc/public/docDisplay?elq_mid=17739\u0026elq_cid=67018031\u0026docId=hpesbgn04215en_us" }, { "category": "external", "summary": "IBM Security Bulletin 6539408 vom 2022-01-11", "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-apache-log4j-affect-the-ibm-websphere-application-server-and-ibm-security-guardium-key-lifecycle-manager-cve-2021-4104-cve-2021-45046-cve-2021-45105/" }, { "category": "external", "summary": "Ubuntu Security Notice USN-5222-1 vom 2022-01-11", "url": "https://ubuntu.com/security/notices/USN-5222-1" }, { "category": "external", "summary": "JobScheduler Vulnerability Release 2.2.1 vom 2022-01-11", "url": "https://kb.sos-berlin.com/display/PKB/Vulnerability+Release+2.2.1" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:0138 vom 2022-01-13", "url": "https://access.redhat.com/errata/RHSA-2022:0138" }, { "category": "external", "summary": "IBM Security Bulletin 6540676 vom 2022-01-15", "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-log4j-may-affect-ibm-spectrum-protect-snapshot-on-windows-cve-2021-44832/" }, { "category": "external", "summary": "IBM Security Bulletin 6540560 vom 2022-01-15", "url": "https://www.ibm.com/blogs/psirt/security-bulletin-security-bulletin-vulnerability-in-apache-log4j-may-affect-ibm-spectrum-protect-operations-center-cve-2021-44832/" }, { "category": "external", "summary": "IBM Security Bulletin 6540846 vom 2022-01-15", "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-log4j-may-affect-ibm-spectrum-protect-for-space-management-cve-2021-44832/" }, { "category": "external", "summary": "IBM Security Bulletin 6540692 vom 2022-01-15", "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-log4j-impacts-ibm-spectrum-protect-backup-archive-client-and-ibm-spectrum-protect-for-virtual-environments-cve-2021-44832/" }, { "category": "external", "summary": "IBM Security Bulletin 6540874 vom 2022-01-15", "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-log4j-may-affect-ibm-spectrum-protect-snapshot-for-vmware-cve-2021-44832/" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:0203 vom 2022-01-20", "url": "https://access.redhat.com/errata/RHSA-2022:0203" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:0226 vom 2022-01-21", "url": "https://access.redhat.com/errata/RHSA-2022:0226" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:0227 vom 2022-01-21", "url": "https://access.redhat.com/errata/RHSA-2022:0227" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:0083 vom 2022-01-20", "url": "https://access.redhat.com/errata/RHSA-2022:0083" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:0225 vom 2022-01-21", "url": "https://access.redhat.com/errata/RHSA-2022:0225" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:0216 vom 2022-01-20", "url": "https://access.redhat.com/errata/RHSA-2022:0216" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:0222 vom 2022-01-21", "url": "https://access.redhat.com/errata/RHSA-2022:0222" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:0205 vom 2022-01-20", "url": "https://access.redhat.com/errata/RHSA-2022:0205" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:0223 vom 2022-01-21", "url": "https://access.redhat.com/errata/RHSA-2022:0223" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:0230 vom 2022-01-22", "url": "https://access.redhat.com/errata/RHSA-2022:0230" }, { "category": "external", "summary": "IBM Security Bulletin 6549888 vom 2022-01-25", "url": "https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-apache-log4j-affects-some-features-of-ibm-db2-cve-2021-44832/" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:0236 vom 2022-01-25", "url": "https://access.redhat.com/errata/RHSA-2022:0236" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:0181 vom 2022-01-27", "url": "https://access.redhat.com/errata/RHSA-2022:0181" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS-2022-011 vom 2022-01-27", "url": "https://alas.aws.amazon.com/AL2022/ALAS-2022-011.html" }, { "category": "external", "summary": "IBM Security Bulletin 6551310 vom 2022-01-28", "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-netcool-omnibus-common-integration-libraries-is-vulnerable-to-arbitrary-code-execution-and-denial-of-service-due-to-apache-log4j-cve-2021-44228-cve-2021-45046-cve-2021/" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS-2022-1734 vom 2022-01-27", "url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1734.html" }, { "category": "external", "summary": "IBM Security Bulletin 6552546 vom 2022-02-02", "url": "https://www.ibm.com/blogs/psirt/security-bulletin-tivoli-netcool-omnibus-installation-contains-vulnerable-apache-log4j-code-cve-2021-44832-cve-2021-45046-cve-2021-45105/" }, { "category": "external", "summary": "IBM Security Bulletin 6553026 vom 2022-02-05", "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-vulnerable-to-arbitrary-code-execution-due-to-apache-log4j-cve-2021-44832/" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:0467 vom 2022-02-08", "url": "https://access.redhat.com/errata/RHSA-2022:0467" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:0485 vom 2022-02-16", "url": "https://access.redhat.com/errata/RHSA-2022:0485" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:0493 vom 2022-02-16", "url": "https://access.redhat.com/errata/RHSA-2022:0493" }, { "category": "external", "summary": "HCL Article KB0097299 vom 2022-03-23", "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0097299" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:1296 vom 2022-04-11", "url": "https://access.redhat.com/errata/RHSA-2022:1296" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:1297 vom 2022-04-11", "url": "https://access.redhat.com/errata/RHSA-2022:1297" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:1299 vom 2022-04-11", "url": "https://access.redhat.com/errata/RHSA-2022:1299" }, { "category": "external", "summary": "IBM Security Bulletin 6593439 vom 2022-06-09", "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-rational-software-architect-realtime-edition-rsa-rt-is-vulnerable-to-apache-log4j2-cve-2021-44832/" }, { "category": "external", "summary": "AVAYA Security Advisory ASA-2022-001 vom 2022-04-25", "url": "https://downloads.avaya.com/css/P8/documents/101081576" }, { "category": "external", "summary": "IBM Security Bulletin 6832160 vom 2022-10-27", "url": "https://www.ibm.com/blogs/psirt/security-bulletin-due-to-use-of-apache-log4j-ibm-qradar-siem-is-vulnerable-to-arbitrary-code-execution-cve-2019-17571-cve-2021-44832-cve-2021-4104/" } ], "source_lang": "en-US", "title": "Apache log4j: Schwachstelle erm\u00f6glicht Codeausf\u00fchrung", "tracking": { "current_release_date": "2022-12-11T23:00:00.000+00:00", "generator": { "date": "2024-02-15T16:47:04.010+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2022-0197", "initial_release_date": "2021-12-28T23:00:00.000+00:00", "revision_history": [ { "date": "2021-12-28T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2021-12-29T23:00:00.000+00:00", "number": "2", "summary": "Neue Updates von Debian aufgenommen" }, { "date": "2022-01-02T23:00:00.000+00:00", "number": "3", "summary": "Neue Updates von Apache aufgenommen" }, { "date": "2022-01-04T23:00:00.000+00:00", "number": "4", "summary": "Neue Updates von IBM aufgenommen" }, { "date": "2022-01-05T23:00:00.000+00:00", "number": "5", "summary": "Referenz(en) aufgenommen: PH38929" }, { "date": "2022-01-06T23:00:00.000+00:00", "number": "6", "summary": "Neue Updates von Cisco aufgenommen" }, { "date": "2022-01-09T23:00:00.000+00:00", "number": "7", "summary": "Neue Updates von SOS GmbH und HPE aufgenommen" }, { "date": "2022-01-10T23:00:00.000+00:00", "number": "8", "summary": "Neue Updates von IBM aufgenommen" }, { "date": "2022-01-11T23:00:00.000+00:00", "number": "9", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2022-01-12T23:00:00.000+00:00", "number": "10", "summary": "Neue Updates aufgenommen" }, { "date": "2022-01-13T23:00:00.000+00:00", "number": "11", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-01-16T23:00:00.000+00:00", "number": "12", "summary": "Neue Updates von IBM aufgenommen" }, { "date": "2022-01-19T23:00:00.000+00:00", "number": "13", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-01-20T23:00:00.000+00:00", "number": "14", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-01-23T23:00:00.000+00:00", "number": "15", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-01-24T23:00:00.000+00:00", "number": "16", "summary": "Neue Updates von IBM aufgenommen" }, { "date": "2022-01-25T23:00:00.000+00:00", "number": "17", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-01-26T23:00:00.000+00:00", "number": "18", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-01-27T23:00:00.000+00:00", "number": "19", "summary": "Neue Updates von Amazon und IBM aufgenommen" }, { "date": "2022-02-01T23:00:00.000+00:00", "number": "20", "summary": "Neue Updates von IBM aufgenommen" }, { "date": "2022-02-06T23:00:00.000+00:00", "number": "21", "summary": "Neue Updates von IBM aufgenommen" }, { "date": "2022-02-08T23:00:00.000+00:00", "number": "22", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-02-16T23:00:00.000+00:00", "number": "23", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-03-22T23:00:00.000+00:00", "number": "24", "summary": "Neue Updates von HCL aufgenommen" }, { "date": "2022-04-11T22:00:00.000+00:00", "number": "25", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-04-26T22:00:00.000+00:00", "number": "26", "summary": "Neue Updates von AVAYA aufgenommen" }, { "date": "2022-06-08T22:00:00.000+00:00", "number": "27", "summary": "Neue Updates von IBM aufgenommen" }, { "date": "2022-10-26T22:00:00.000+00:00", "number": "28", "summary": "Neue Updates von IBM aufgenommen" }, { "date": "2022-12-11T23:00:00.000+00:00", "number": "29", "summary": "Neue Updates von Amazon aufgenommen" } ], "status": "final", "version": "29" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Amazon Linux 2", "product": { "name": "Amazon Linux 2", "product_id": "398363", "product_identification_helper": { "cpe": "cpe:/o:amazon:linux_2:-" } } } ], "category": "vendor", "name": "Amazon" }, { "branches": [ { "category": "product_name", "name": "Apache Struts", "product": { "name": "Apache Struts", "product_id": "642", "product_identification_helper": { "cpe": "cpe:/a:apache:struts:-" } } }, { "branches": [ { "category": "product_name", "name": "Apache log4j \u003c 2.3.2", "product": { "name": "Apache log4j \u003c 2.3.2", "product_id": "T021443", "product_identification_helper": { "cpe": "cpe:/a:apache:log4j:2.3.2" } } }, { "category": "product_name", "name": "Apache log4j \u003c 2.12.4", "product": { "name": "Apache log4j \u003c 2.12.4", "product_id": "T021444", "product_identification_helper": { "cpe": "cpe:/a:apache:log4j:2.12.4" } } }, { "category": "product_name", "name": "Apache log4j \u003c 2.17.1", "product": { "name": "Apache log4j \u003c 2.17.1", "product_id": "T021445", "product_identification_helper": { "cpe": "cpe:/a:apache:log4j:2.17.1" } } } ], "category": "product_name", "name": "log4j" } ], "category": "vendor", "name": "Apache" }, { "branches": [ { "category": "product_name", "name": "Avaya Aura Application Enablement Services", "product": { "name": "Avaya Aura Application Enablement Services", "product_id": "T015516", "product_identification_helper": { "cpe": "cpe:/a:avaya:aura_application_enablement_services:-" } } }, { "category": "product_name", "name": "Avaya Aura Experience Portal", "product": { "name": "Avaya Aura Experience Portal", "product_id": "T015519", "product_identification_helper": { "cpe": "cpe:/a:avaya:aura_experience_portal:-" } } }, { "category": "product_name", "name": "Avaya one-X", "product": { "name": "Avaya one-X", "product_id": "1024", "product_identification_helper": { "cpe": "cpe:/a:avaya:one-x:-" } } } ], "category": "vendor", "name": "Avaya" }, { "branches": [ { "category": "product_name", "name": "Cisco Application Policy Infrastructure Controller", "product": { "name": "Cisco Application Policy Infrastructure Controller", "product_id": "778219", "product_identification_helper": { "cpe": "cpe:/a:cisco:application_policy_infrastructure_controller:-" } } }, { "category": "product_name", "name": "Cisco Emergency Responder (ER) Director", "product": { "name": "Cisco Emergency Responder (ER) Director", "product_id": "2040", "product_identification_helper": { "cpe": "cpe:/a:cisco:emergency_responder:-" } } }, { "category": "product_name", "name": "Cisco Finesse Director", "product": { "name": "Cisco Finesse Director", "product_id": "199167", "product_identification_helper": { "cpe": "cpe:/a:cisco:finesse:-" } } }, { "category": "product_name", "name": "Cisco Firepower", "product": { "name": "Cisco Firepower", "product_id": "T011337", "product_identification_helper": { "cpe": "cpe:/a:cisco:firepower:-" } } }, { "category": "product_name", "name": "Cisco Identity Services Engine (ISE)", "product": { "name": "Cisco Identity Services Engine (ISE)", "product_id": "T000612", "product_identification_helper": { "cpe": "cpe:/a:cisco:identity_services_engine_software:-" } } }, { "category": "product_name", "name": "Cisco Integrated Management Controller Supervisor", "product": { "name": "Cisco Integrated Management Controller Supervisor", "product_id": "T021487", "product_identification_helper": { "cpe": "cpe:/a:cisco:integrated_management_controller:::supervisor" } } }, { "category": "product_name", "name": "Cisco Network Services Orchestrator", "product": { "name": "Cisco Network Services Orchestrator", "product_id": "T021358", "product_identification_helper": { "cpe": "cpe:/a:cisco:network_services_orchestrator:-" } } }, { "branches": [ { "category": "product_name", "name": "Cisco Nexus Dashboard", "product": { "name": "Cisco Nexus Dashboard", "product_id": "T021249", "product_identification_helper": { "cpe": "cpe:/h:cisco:nexus:::dashboard" } } }, { "category": "product_name", "name": "Cisco Nexus Insights", "product": { "name": "Cisco Nexus Insights", "product_id": "T021357", "product_identification_helper": { "cpe": "cpe:/h:cisco:nexus:insights" } } } ], "category": "product_name", "name": "Nexus" }, { "category": "product_name", "name": "Cisco SD-WAN vManage", "product": { "name": "Cisco SD-WAN vManage", "product_id": "T018812", "product_identification_helper": { "cpe": "cpe:/a:cisco:sd_wan:vmanage" } } }, { "category": "product_name", "name": "Cisco Unified Communications Manager (CUCM) Director", "product": { "name": "Cisco Unified Communications Manager (CUCM) Director", "product_id": "2142", "product_identification_helper": { "cpe": "cpe:/a:cisco:unified_communications_manager:-" } } }, { "category": "product_name", "name": "Cisco Unified Communications Manager IM \u0026 Presence Service Director", "product": { "name": "Cisco Unified Communications Manager IM \u0026 Presence Service Director", "product_id": "915287", "product_identification_helper": { "cpe": "cpe:/a:cisco:unified_communications_manager_im_and_presence_service:-" } } }, { "branches": [ { "category": "product_name", "name": "Cisco Unified Computing System (UCS)", "product": { "name": "Cisco Unified Computing System (UCS)", "product_id": "163824", "product_identification_helper": { "cpe": "cpe:/h:cisco:unified_computing_system:-" } } }, { "category": "product_name", "name": "Cisco Unified Computing System (UCS) Director", "product": { "name": "Cisco Unified Computing System (UCS) Director", "product_id": "T017032", "product_identification_helper": { "cpe": "cpe:/h:cisco:unified_computing_system:director_6.7.4.1" } } } ], "category": "product_name", "name": "Unified Computing System (UCS)" }, { "category": "product_name", "name": "Cisco Unified Contact Center Enterprise Director", "product": { "name": "Cisco Unified Contact Center Enterprise Director", "product_id": "2143", "product_identification_helper": { "cpe": "cpe:/a:cisco:unified_contact_center_enterprise:-" } } }, { "category": "product_name", "name": "Cisco Unified Contact Center Express (UCCX) Director", "product": { "name": "Cisco Unified Contact Center Express (UCCX) Director", "product_id": "915286", "product_identification_helper": { "cpe": "cpe:/a:cisco:unified_contact_center_express:-" } } }, { "category": "product_name", "name": "Cisco Unified Intelligence Center Director", "product": { "name": "Cisco Unified Intelligence Center Director", "product_id": "T018811", "product_identification_helper": { "cpe": "cpe:/a:cisco:unified_intelligence_center:-" } } }, { "category": "product_name", "name": "Cisco Unity Connection Director", "product": { "name": "Cisco Unity Connection Director", "product_id": "T002044", "product_identification_helper": { "cpe": "cpe:/a:cisco:unity_connection:-" } } }, { "category": "product_name", "name": "Cisco Video Surveillance Operations Manager Director", "product": { "name": "Cisco Video Surveillance Operations Manager Director", "product_id": "196088", "product_identification_helper": { "cpe": "cpe:/a:cisco:video_surveillance_operations_manager:-" } } }, { "category": "product_name", "name": "Cisco WebEx Meetings Server", "product": { "name": "Cisco WebEx Meetings Server", "product_id": "T001160", "product_identification_helper": { "cpe": "cpe:/a:cisco:webex_meetings_server:-" } } } ], "category": "vendor", "name": "Cisco" }, { "branches": [ { "category": "product_name", "name": "Debian Linux", "product": { "name": "Debian Linux", "product_id": "2951", "product_identification_helper": { "cpe": "cpe:/o:debian:debian_linux:-" } } } ], "category": "vendor", "name": "Debian" }, { "branches": [ { "category": "product_name", "name": "HPE Intelligent Management Center (IMC)", "product": { "name": "HPE Intelligent Management Center (IMC)", "product_id": "T001888", "product_identification_helper": { "cpe": "cpe:/a:hp:intelligent_management_center:-" } } } ], "category": "vendor", "name": "HPE" }, { "branches": [ { "category": "product_name", "name": "IBM DB2", "product": { "name": "IBM DB2", "product_id": "5104", "product_identification_helper": { "cpe": "cpe:/a:ibm:db2:-" } } }, { "branches": [ { "category": "product_name", "name": "IBM QRadar SIEM 7.5", "product": { "name": "IBM QRadar SIEM 7.5", "product_id": "T022954", "product_identification_helper": { "cpe": "cpe:/a:ibm:qradar_siem:7.5" } } }, { "category": "product_name", "name": "IBM QRadar SIEM 7.4", "product": { "name": "IBM QRadar SIEM 7.4", "product_id": "T024775", "product_identification_helper": { "cpe": "cpe:/a:ibm:qradar_siem:7.4" } } } ], "category": "product_name", "name": "QRadar SIEM" }, { "category": "product_name", "name": "IBM Rational Software Architect", "product": { "name": "IBM Rational Software Architect", "product_id": "T005181", "product_identification_helper": { "cpe": "cpe:/a:ibm:rational_software_architect:-" } } }, { "category": "product_name", "name": "IBM Security Guardium", "product": { "name": "IBM Security Guardium", "product_id": "T021345", "product_identification_helper": { "cpe": "cpe:/a:ibm:security_guardium:-" } } }, { "category": "product_name", "name": "IBM Tivoli Netcool/OMNIbus", "product": { "name": "IBM Tivoli Netcool/OMNIbus", "product_id": "T004181", "product_identification_helper": { "cpe": "cpe:/a:ibm:tivoli_netcool%2fomnibus:-" } } }, { "category": "product_name", "name": "IBM WebSphere Application Server", "product": { "name": "IBM WebSphere Application Server", "product_id": "5198", "product_identification_helper": { "cpe": "cpe:/a:ibm:websphere_application_server:-" } } } ], "category": "vendor", "name": "IBM" }, { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } } ], "category": "vendor", "name": "Red Hat" }, { "branches": [ { "category": "product_name", "name": "SOS GmbH JobScheduler", "product": { "name": "SOS GmbH JobScheduler", "product_id": "T021263", "product_identification_helper": { "cpe": "cpe:/a:sos_gmbh:jobscheduler:-" } } } ], "category": "vendor", "name": "SOS GmbH" }, { "branches": [ { "category": "product_name", "name": "Ubuntu Linux", "product": { "name": "Ubuntu Linux", "product_id": "T000126", "product_identification_helper": { "cpe": "cpe:/o:canonical:ubuntu_linux:-" } } } ], "category": "vendor", "name": "Ubuntu" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-44832", "notes": [ { "category": "description", "text": "Es existiert eine Schwachstelle in Apache log4j. Bestimmte Nutzer-Eingaben werden nur ungen\u00fcgend validiert. Ein entfernter authentisierter Angreifer mit der Berechtigung zum \u00c4ndern der Protokollierungskonfigurationsdatei kann eine b\u00f6sartige Konfiguration mit einem JDBC-Appender mit einer Datenquelle erstellen, die auf einen JNDI-URI verweist. In der Folge kann Code zur Ausf\u00fchrung gebracht werden." } ], "product_status": { "known_affected": [ "T001160", "67646", "T017032", "T021358", "T021357", "T000612", "T001888", "T005181", "199167", "398363", "163824", "T015519", "5198", "T015516", "T011337", "2143", "2142", "2040", "T022954", "T021345", "T021487", "642", "2951", "T018811", "1024", "T000126", "T018812", "T021249", "5104", "778219", "T004181", "T024775", "196088", "915287", "915286", "T002044", "T021263" ] }, "release_date": "2021-12-28T23:00:00Z", "title": "CVE-2021-44832" } ] }
wid-sec-w-2023-1524
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "IBM Spectrum Protect ist eine zentralisierte Backupl\u00f6sung f\u00fcr Systeme im Netzwerk.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in IBM Spectrum Protect Plus ausnutzen, um einen Denial-of-Service-Zustand zu verursachen, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen und beliebigen Code auszuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- Linux", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-1524 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2023-1524.json" }, { "category": "self", "summary": "WID-SEC-2023-1524 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1524" }, { "category": "external", "summary": "IBM Security Bulletin 7005589 vom 2023-06-21", "url": "https://www.ibm.com/support/pages/node/7005589" }, { "category": "external", "summary": "IBM Security Advisory vom 2022-01-31", "url": "https://www.ibm.com/support/pages/node/6552186" }, { "category": "external", "summary": "IBM Security Advisory vom 2022-01-31", "url": "https://www.ibm.com/support/pages/node/6540860" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:0735 vom 2022-03-03", "url": "https://access.redhat.com/errata/RHSA-2022:0735" } ], "source_lang": "en-US", "title": "IBM Spectrum Protect Plus: Mehrere Schwachstellen", "tracking": { "current_release_date": "2023-06-20T22:00:00.000+00:00", "generator": { "date": "2024-02-15T17:32:07.181+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2023-1524", "initial_release_date": "2022-01-31T23:00:00.000+00:00", "revision_history": [ { "date": "2022-01-31T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2022-03-03T23:00:00.000+00:00", "number": "2", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-06-20T22:00:00.000+00:00", "number": "3", "summary": "Neue Updates von IBM aufgenommen" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "IBM Spectrum Protect plus 10.1", "product": { "name": "IBM Spectrum Protect plus 10.1", "product_id": "T015895", "product_identification_helper": { "cpe": "cpe:/a:ibm:spectrum_protect:plus_10.1" } } }, { "category": "product_name", "name": "IBM Spectrum Protect Plus \u003c 10.1.9.3", "product": { "name": "IBM Spectrum Protect Plus \u003c 10.1.9.3", "product_id": "T021902", "product_identification_helper": { "cpe": "cpe:/a:ibm:spectrum_protect:plus__10.1.9.3" } } } ], "category": "product_name", "name": "Spectrum Protect" } ], "category": "vendor", "name": "IBM" }, { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-3733", "notes": [ { "category": "description", "text": "In IBM Spectrum Protect Plus existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Python, Golang Go, MinIO und Apache Log4j. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "67646", "T015895", "T021902" ] }, "release_date": "2022-01-31T23:00:00Z", "title": "CVE-2021-3733" }, { "cve": "CVE-2021-3737", "notes": [ { "category": "description", "text": "In IBM Spectrum Protect Plus existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Python, Golang Go, MinIO und Apache Log4j. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "67646", "T015895", "T021902" ] }, "release_date": "2022-01-31T23:00:00Z", "title": "CVE-2021-3737" }, { "cve": "CVE-2021-41771", "notes": [ { "category": "description", "text": "In IBM Spectrum Protect Plus existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Python, Golang Go, MinIO und Apache Log4j. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "67646", "T015895", "T021902" ] }, "release_date": "2022-01-31T23:00:00Z", "title": "CVE-2021-41771" }, { "cve": "CVE-2021-41772", "notes": [ { "category": "description", "text": "In IBM Spectrum Protect Plus existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Python, Golang Go, MinIO und Apache Log4j. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "67646", "T015895", "T021902" ] }, "release_date": "2022-01-31T23:00:00Z", "title": "CVE-2021-41772" }, { "cve": "CVE-2021-43858", "notes": [ { "category": "description", "text": "In IBM Spectrum Protect Plus existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Python, Golang Go, MinIO und Apache Log4j. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "67646", "T015895", "T021902" ] }, "release_date": "2022-01-31T23:00:00Z", "title": "CVE-2021-43858" }, { "cve": "CVE-2021-44716", "notes": [ { "category": "description", "text": "In IBM Spectrum Protect Plus existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Python, Golang Go, MinIO und Apache Log4j. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "67646", "T015895", "T021902" ] }, "release_date": "2022-01-31T23:00:00Z", "title": "CVE-2021-44716" }, { "cve": "CVE-2021-44717", "notes": [ { "category": "description", "text": "In IBM Spectrum Protect Plus existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Python, Golang Go, MinIO und Apache Log4j. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "67646", "T015895", "T021902" ] }, "release_date": "2022-01-31T23:00:00Z", "title": "CVE-2021-44717" }, { "cve": "CVE-2021-44832", "notes": [ { "category": "description", "text": "In IBM Spectrum Protect Plus existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Python, Golang Go, MinIO und Apache Log4j. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "67646", "T015895", "T021902" ] }, "release_date": "2022-01-31T23:00:00Z", "title": "CVE-2021-44832" } ] }
wid-sec-w-2023-0122
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Die Oracle Supply Chain ist eine Sammlung von Applikationen f\u00fcr verschiedene Zwecke.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Supply Chain ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.", "title": "Angriff" }, { "category": "general", "text": "- UNIX\n- Linux\n- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-0122 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0122.json" }, { "category": "self", "summary": "WID-SEC-2023-0122 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0122" }, { "category": "external", "summary": "Oracle Critical Patch Update Advisory - January 2023 - Appendix Oracle Supply Chain vom 2023-01-17", "url": "https://www.oracle.com/security-alerts/cpujan2023.html#AppendixSCP" } ], "source_lang": "en-US", "title": "Oracle Supply Chain: Mehrere Schwachstellen", "tracking": { "current_release_date": "2023-01-17T23:00:00.000+00:00", "generator": { "date": "2024-02-15T17:10:15.790+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2023-0122", "initial_release_date": "2023-01-17T23:00:00.000+00:00", "revision_history": [ { "date": "2023-01-17T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Oracle Supply Chain 9.3.6", "product": { "name": "Oracle Supply Chain 9.3.6", "product_id": "T019052", "product_identification_helper": { "cpe": "cpe:/a:oracle:supply_chain:9.3.6" } } }, { "category": "product_name", "name": "Oracle Supply Chain 12.1", "product": { "name": "Oracle Supply Chain 12.1", "product_id": "T019054", "product_identification_helper": { "cpe": "cpe:/a:oracle:supply_chain:12.1" } } }, { "category": "product_name", "name": "Oracle Supply Chain 12.2", "product": { "name": "Oracle Supply Chain 12.2", "product_id": "T019055", "product_identification_helper": { "cpe": "cpe:/a:oracle:supply_chain:12.2" } } }, { "category": "product_name", "name": "Oracle Supply Chain 12.2.11", "product": { "name": "Oracle Supply Chain 12.2.11", "product_id": "T021721", "product_identification_helper": { "cpe": "cpe:/a:oracle:supply_chain:12.2.11" } } }, { "category": "product_name", "name": "Oracle Supply Chain \u003c 21.0.2.6", "product": { "name": "Oracle Supply Chain \u003c 21.0.2.6", "product_id": "T025892", "product_identification_helper": { "cpe": "cpe:/a:oracle:supply_chain:21.0.2.6" } } }, { "category": "product_name", "name": "Oracle Supply Chain 12.2.7", "product": { "name": "Oracle Supply Chain 12.2.7", "product_id": "T025893", "product_identification_helper": { "cpe": "cpe:/a:oracle:supply_chain:12.2.7" } } }, { "category": "product_name", "name": "Oracle Supply Chain 12.2.8", "product": { "name": "Oracle Supply Chain 12.2.8", "product_id": "T025894", "product_identification_helper": { "cpe": "cpe:/a:oracle:supply_chain:12.2.8" } } }, { "category": "product_name", "name": "Oracle Supply Chain 12.2.9", "product": { "name": "Oracle Supply Chain 12.2.9", "product_id": "T025895", "product_identification_helper": { "cpe": "cpe:/a:oracle:supply_chain:12.2.9" } } }, { "category": "product_name", "name": "Oracle Supply Chain 12.2.10", "product": { "name": "Oracle Supply Chain 12.2.10", "product_id": "T025896", "product_identification_helper": { "cpe": "cpe:/a:oracle:supply_chain:12.2.10" } } }, { "category": "product_name", "name": "Oracle Supply Chain 12.2.12", "product": { "name": "Oracle Supply Chain 12.2.12", "product_id": "T025897", "product_identification_helper": { "cpe": "cpe:/a:oracle:supply_chain:12.2.12" } } }, { "category": "product_name", "name": "Oracle Supply Chain \u003c 21.0.2.0", "product": { "name": "Oracle Supply Chain \u003c 21.0.2.0", "product_id": "T025898", "product_identification_helper": { "cpe": "cpe:/a:oracle:supply_chain:21.0.2.0" } } } ], "category": "product_name", "name": "Supply Chain" } ], "category": "vendor", "name": "Oracle" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-21850", "notes": [ { "category": "description", "text": "In Oracle Supply Chain existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T021721", "T019052", "T025895", "T025894", "T019054", "T025897", "T025896", "T019055", "T025893" ] }, "release_date": "2023-01-17T23:00:00Z", "title": "CVE-2023-21850" }, { "cve": "CVE-2022-42252", "notes": [ { "category": "description", "text": "In Oracle Supply Chain existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T021721", "T019052", "T025895", "T025894", "T019054", "T025897", "T025896", "T019055", "T025893" ] }, "release_date": "2023-01-17T23:00:00Z", "title": "CVE-2022-42252" }, { "cve": "CVE-2022-34169", "notes": [ { "category": "description", "text": "In Oracle Supply Chain existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T021721", "T019052", "T025895", "T025894", "T019054", "T025897", "T025896", "T019055", "T025893" ] }, "release_date": "2023-01-17T23:00:00Z", "title": "CVE-2022-34169" }, { "cve": "CVE-2022-24839", "notes": [ { "category": "description", "text": "In Oracle Supply Chain existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T021721", "T019052", "T025895", "T025894", "T019054", "T025897", "T025896", "T019055", "T025893" ] }, "release_date": "2023-01-17T23:00:00Z", "title": "CVE-2022-24839" }, { "cve": "CVE-2021-44832", "notes": [ { "category": "description", "text": "In Oracle Supply Chain existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T021721", "T019052", "T025895", "T025894", "T019054", "T025897", "T025896", "T019055", "T025893" ] }, "release_date": "2023-01-17T23:00:00Z", "title": "CVE-2021-44832" }, { "cve": "CVE-2020-27844", "notes": [ { "category": "description", "text": "In Oracle Supply Chain existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T021721", "T019052", "T025895", "T025894", "T019054", "T025897", "T025896", "T019055", "T025893" ] }, "release_date": "2023-01-17T23:00:00Z", "title": "CVE-2020-27844" }, { "cve": "CVE-2019-7317", "notes": [ { "category": "description", "text": "In Oracle Supply Chain existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T021721", "T019052", "T025895", "T025894", "T019054", "T025897", "T025896", "T019055", "T025893" ] }, "release_date": "2023-01-17T23:00:00Z", "title": "CVE-2019-7317" }, { "cve": "CVE-2019-12415", "notes": [ { "category": "description", "text": "In Oracle Supply Chain existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T021721", "T019052", "T025895", "T025894", "T019054", "T025897", "T025896", "T019055", "T025893" ] }, "release_date": "2023-01-17T23:00:00Z", "title": "CVE-2019-12415" } ] }
wid-sec-w-2023-0123
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Siebel CRM ist eine CRM-L\u00f6sung von Oracle.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Siebel CRM ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.", "title": "Angriff" }, { "category": "general", "text": "- UNIX\n- Linux\n- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-0123 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0123.json" }, { "category": "self", "summary": "WID-SEC-2023-0123 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0123" }, { "category": "external", "summary": "Oracle Critical Patch Update Advisory - January 2023 - Appendix Oracle Siebel CRM vom 2023-01-17", "url": "https://www.oracle.com/security-alerts/cpujan2023.html#AppendixSECR" } ], "source_lang": "en-US", "title": "Oracle Siebel CRM: Mehrere Schwachstellen", "tracking": { "current_release_date": "2023-01-17T23:00:00.000+00:00", "generator": { "date": "2024-02-15T17:10:16.728+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2023-0123", "initial_release_date": "2023-01-17T23:00:00.000+00:00", "revision_history": [ { "date": "2023-01-17T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Oracle Siebel CRM \u003c= 22.10", "product": { "name": "Oracle Siebel CRM \u003c= 22.10", "product_id": "T025891", "product_identification_helper": { "cpe": "cpe:/a:oracle:siebel_crm:22.10" } } } ], "category": "vendor", "name": "Oracle" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-2274", "notes": [ { "category": "description", "text": "In Oracle Siebel CRM existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "last_affected": [ "T025891" ] }, "release_date": "2023-01-17T23:00:00Z", "title": "CVE-2022-2274" }, { "cve": "CVE-2021-44832", "notes": [ { "category": "description", "text": "In Oracle Siebel CRM existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "last_affected": [ "T025891" ] }, "release_date": "2023-01-17T23:00:00Z", "title": "CVE-2021-44832" } ] }
ghsa-8489-44mv-ggj8
Vulnerability from github
Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to an attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.
Affected packages
Only the org.apache.logging.log4j:log4j-core
package is directly affected by this vulnerability. The org.apache.logging.log4j:log4j-api
should be kept at the same version as the org.apache.logging.log4j:log4j-core
package to ensure compatability if in use.
This issue does not impact default configurations of Log4j2 and requires an attacker to have control over the Log4j2 configuration, which reduces the likelihood of being exploited.
{ "affected": [ { "package": { "ecosystem": "Maven", "name": "org.apache.logging.log4j:log4j-core" }, "ranges": [ { "events": [ { "introduced": "2.0-beta7" }, { "fixed": "2.3.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "Maven", "name": "org.apache.logging.log4j:log4j-core" }, "ranges": [ { "events": [ { "introduced": "2.4" }, { "fixed": "2.12.4" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "Maven", "name": "org.apache.logging.log4j:log4j-core" }, "ranges": [ { "events": [ { "introduced": "2.13.0" }, { "fixed": "2.17.1" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2021-44832" ], "database_specific": { "cwe_ids": [ "CWE-20", "CWE-74" ], "github_reviewed": true, "github_reviewed_at": "2021-12-28T21:14:19Z", "nvd_published_at": "2021-12-28T20:15:00Z", "severity": "MODERATE" }, "details": "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to an attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.\n\n\n# Affected packages\nOnly the `org.apache.logging.log4j:log4j-core` package is directly affected by this vulnerability. The `org.apache.logging.log4j:log4j-api` should be kept at the same version as the `org.apache.logging.log4j:log4j-core` package to ensure compatability if in use.\n\nThis issue does not impact default configurations of Log4j2 and requires an attacker to have control over the Log4j2 configuration, which reduces the likelihood of being exploited.", "id": "GHSA-8489-44mv-ggj8", "modified": "2022-02-25T18:37:34Z", "published": "2022-01-04T16:14:20Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44832" }, { "type": "WEB", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf" }, { "type": "PACKAGE", "url": "https://github.com/apache/logging-log4j2" }, { "type": "WEB", "url": "https://issues.apache.org/jira/browse/LOG4J2-3293" }, { "type": "WEB", "url": "https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143" }, { "type": "WEB", "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00036.html" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVV25FXL4FU5X6X5BSL7RLQ7T6F65MRA" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T57MPJUW3MA6QGWZRTMCHHMMPQNVKGFC" }, { "type": "WEB", "url": "https://security.netapp.com/advisory/ntap-20220104-0001" }, { "type": "WEB", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2021/12/28/1" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ], "summary": "Improper Input Validation and Injection in Apache Log4j2" }
var-202112-2011
Vulnerability from variot
Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2. Apache Log4j is a Java-based open source logging tool of the Apache Foundation. Apache Log4j2 2.0-beta7 to 2.17.0 versions have a security vulnerability, which stems from the lack of effective protection and filtering for JDBC Appender and JNDI in the software. The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Installation instructions are available from the Fuse product documentation pages:
Fuse 7.8: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/html/installing_on_apache_karaf/apply-hotfix-patch https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/html/deploying_into_spring_boot/patch-red-hat-fuse-applications
Fuse 7.9: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/html/installing_on_apache_karaf/apply-hotfix-patch https://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/html/deploying_into_spring_boot/patch-red-hat-fuse-applications
Fuse 7.10: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/html/installing_on_apache_karaf/apply-hotfix-patch https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/html/deploying_into_spring_boot/patch-red-hat-fuse-applications
The References section of this erratum contains a download link for the update. You must be logged in to download the update. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Low: Red Hat JBoss Enterprise Application Platform 7.4.4 security update Advisory ID: RHSA-2022:1297-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2022:1297 Issue date: 2022-04-11 CVE Names: CVE-2021-4104 CVE-2021-44832 CVE-2021-45046 CVE-2021-45105 CVE-2022-23302 CVE-2022-23305 CVE-2022-23307 =====================================================================
- Summary:
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat JBoss EAP 7.4 for RHEL 8 - noarch, x86_64
- Description:
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.4.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.3 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.4 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
-
log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender (CVE-2022-23305)
-
log4j: Unsafe deserialization flaw in Chainsaw log viewer (CVE-2022-23307)
-
log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender (CVE-2021-4104)
-
log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)
-
log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228) (CVE-2021-45046)
-
log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern (CVE-2021-45105)
-
log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink (CVE-2022-23302)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
2031667 - CVE-2021-4104 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender 2032580 - CVE-2021-45046 log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228) 2034067 - CVE-2021-45105 log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern 2035951 - CVE-2021-44832 log4j-core: remote code execution via JDBC Appender 2041949 - CVE-2022-23302 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink 2041959 - CVE-2022-23305 log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender 2041967 - CVE-2022-23307 log4j: Unsafe deserialization flaw in Chainsaw log viewer
- JIRA issues fixed (https://issues.jboss.org/):
JBEAP-22105 - (7.4.z) Upgrade from com.io7m.xom:xom 1.2.10 to xom:xom 1.3.7 JBEAP-22385 - (7.4.z) Upgrade ASM from 7.1 to 9.1 JBEAP-22731 - (7.4.z) Upgrade Artemis from 2.16.0.redhat-00032 to 2.16.0.redhat-00034 JBEAP-22738 - (7.4.z) Upgrade jbossws-cxf from 5.4.2.Final to 5.4.4.Final(Fix UsernameTokenElytronTestCase on SE 17) JBEAP-22819 - [GSS] (7.4.z) HAL-1762 - Aliases are removed from the credential store when passwords are updated from the admin console JBEAP-22839 - GSS Upgrade yasson from 1.0.9.redhat-00001 to 1.0.10.redhat-00001 JBEAP-22864 - (7.4.z) Upgrade HAL from 3.3.8.Final-redhat-00001 to 3.3.9.Final-redhat-00001 JBEAP-22900 - Tracker bug for the EAP 7.4.4 release for RHEL-8 JBEAP-22904 - (7.4.z) Upgrade Hibernate ORM from 5.3.24.Final-redhat-00001 to 5.3.25.Final-redhat-00002 JBEAP-22911 - (7.4.z) Upgrade OpenSSL from 2.1.3.Final-redhat-00001 to 2.2.0.Final-redhat-00001 JBEAP-22912 - (7.4.z) Upgrade OpenSSL Natives from 2.1.0.SP01-redhat-00001 to 2.2.0.Final-redhat-00001 JBEAP-22913 - (7.4.z) Upgrade WildFly Core from 15.0.6.Final-redhat-00003 to 15.0.7.Final-redhat-00001 JBEAP-22935 - (7.4.z) Upgrade jboss-vfs from 3.2.15.Final-redhat-00001 to 3.2.16.Final-redhat-00001 JBEAP-22945 - (7.4.z) Upgrade org.apache.logging.log4j from 2.14.0.redhat-00002 to 2.17.1.redhat-00001 JBEAP-22973 - (7.4.z) Upgrade Elytron from 1.15.9.Final-redhat-00001 to 1.15.11.Final-redhat-00002 JBEAP-23038 - (7.4.z) Upgrade galleon-plugins from 5.1.4.Final to 5.2.6.Final JBEAP-23040 - (7.4.z) Upgrade galleon-plugins in wildfly-core-eap from 5.1.4.Final to 5.2.6.Final JBEAP-23045 - (7.4.z) Upgrade Undertow from 2.2.13.SP2-redhat-00001 to 2.2.16.Final-redhat-0001 JBEAP-23101 - (7.4.z) Upgrade Infinispan from 11.0.12.Final to 11.0.15.Final JBEAP-23105 - (7.4.z) Upgrade Narayana from 5.11.3.Final-redhat-00001 to 5.11.4.Final-redhat-00001 JBEAP-23143 - (7.4.z) Upgrade from org.eclipse.jdt.core.compiler:ecj:4.6.1 to org.eclipse.jdt:ecj:3.26 JBEAP-23177 - (7.4.z) Upgrade XNIO from 3.8.5.SP1-redhat-00001 to 3.8.6.Final-redhat-00001 JBEAP-23323 - GSS WFLY-16112 - Batch JobOperatorService should look for only active job names to stop during suspend JBEAP-23373 - (7.4.z) Upgrade OpenSSL from 2.2.0.Final-redhat-00001 to 2.2.0.Final-redhat-00002 JBEAP-23374 - (7.4.z) Upgrade WildFly Core from 15.0.7.Final-redhat-00001 to 15.0.8.Final-redhat-00001 JBEAP-23375 - (7.4.z) Upgrade OpenSSL Natives from 2.2.0.Final-redhat-00001 to 2.2.0.Final-redhat-00002
- Package List:
Red Hat JBoss EAP 7.4 for RHEL 8:
Source: eap7-activemq-artemis-2.16.0-7.redhat_00034.1.el8eap.src.rpm eap7-ecj-3.26.0-1.redhat_00002.1.el8eap.src.rpm eap7-hal-console-3.3.9-1.Final_redhat_00001.1.el8eap.src.rpm eap7-hibernate-5.3.25-1.Final_redhat_00002.1.el8eap.src.rpm eap7-infinispan-11.0.15-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jboss-server-migration-1.10.0-15.Final_redhat_00014.1.el8eap.src.rpm eap7-jboss-vfs-3.2.16-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jboss-xnio-base-3.8.6-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jbossws-cxf-5.4.4-1.Final_redhat_00001.1.el8eap.src.rpm eap7-log4j-2.17.1-1.redhat_00001.1.el8eap.src.rpm eap7-narayana-5.11.4-1.Final_redhat_00001.1.el8eap.src.rpm eap7-objectweb-asm-9.1.0-1.redhat_00002.1.el8eap.src.rpm eap7-undertow-2.2.16-1.Final_redhat_00001.1.el8eap.src.rpm eap7-wildfly-7.4.4-3.GA_redhat_00011.1.el8eap.src.rpm eap7-wildfly-elytron-1.15.11-1.Final_redhat_00002.1.el8eap.src.rpm eap7-wildfly-openssl-2.2.0-3.Final_redhat_00002.1.el8eap.src.rpm eap7-wildfly-openssl-el8-x86_64-2.2.0-2.Final_redhat_00002.1.el8eap.src.rpm eap7-xom-1.3.7-1.redhat_00001.1.el8eap.src.rpm eap7-yasson-1.0.10-1.redhat_00001.1.el8eap.src.rpm
noarch: eap7-activemq-artemis-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-cli-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-commons-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-core-client-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-dto-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-hornetq-protocol-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-hqclient-protocol-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-jdbc-store-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-jms-client-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-jms-server-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-journal-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-ra-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-selector-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-server-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-service-extensions-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-tools-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-ecj-3.26.0-1.redhat_00002.1.el8eap.noarch.rpm eap7-hal-console-3.3.9-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-hibernate-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm eap7-hibernate-core-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm eap7-hibernate-entitymanager-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm eap7-hibernate-envers-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm eap7-hibernate-java8-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm eap7-infinispan-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-cachestore-jdbc-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-cachestore-remote-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-client-hotrod-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-commons-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-component-annotations-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-core-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-hibernate-cache-commons-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-hibernate-cache-spi-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-hibernate-cache-v53-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jboss-server-migration-1.10.0-15.Final_redhat_00014.1.el8eap.noarch.rpm eap7-jboss-server-migration-cli-1.10.0-15.Final_redhat_00014.1.el8eap.noarch.rpm eap7-jboss-server-migration-core-1.10.0-15.Final_redhat_00014.1.el8eap.noarch.rpm eap7-jboss-vfs-3.2.16-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jboss-xnio-base-3.8.6-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jbossws-cxf-5.4.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-log4j-2.17.1-1.redhat_00001.1.el8eap.noarch.rpm eap7-narayana-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-compensations-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-jbosstxbridge-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-jbossxts-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-jts-idlj-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-jts-integration-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-restat-api-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-restat-bridge-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-restat-integration-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-restat-util-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-txframework-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-objectweb-asm-9.1.0-1.redhat_00002.1.el8eap.noarch.rpm eap7-undertow-2.2.16-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-7.4.4-3.GA_redhat_00011.1.el8eap.noarch.rpm eap7-wildfly-elytron-1.15.11-1.Final_redhat_00002.1.el8eap.noarch.rpm eap7-wildfly-elytron-tool-1.15.11-1.Final_redhat_00002.1.el8eap.noarch.rpm eap7-wildfly-javadocs-7.4.4-3.GA_redhat_00011.1.el8eap.noarch.rpm eap7-wildfly-modules-7.4.4-3.GA_redhat_00011.1.el8eap.noarch.rpm eap7-wildfly-openssl-2.2.0-3.Final_redhat_00002.1.el8eap.noarch.rpm eap7-wildfly-openssl-java-2.2.0-3.Final_redhat_00002.1.el8eap.noarch.rpm eap7-xom-1.3.7-1.redhat_00001.1.el8eap.noarch.rpm eap7-yasson-1.0.10-1.redhat_00001.1.el8eap.noarch.rpm
x86_64: eap7-wildfly-openssl-el8-x86_64-2.2.0-2.Final_redhat_00002.1.el8eap.x86_64.rpm eap7-wildfly-openssl-el8-x86_64-debuginfo-2.2.0-2.Final_redhat_00002.1.el8eap.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-4104 https://access.redhat.com/security/cve/CVE-2021-44832 https://access.redhat.com/security/cve/CVE-2021-45046 https://access.redhat.com/security/cve/CVE-2021-45105 https://access.redhat.com/security/cve/CVE-2022-23302 https://access.redhat.com/security/cve/CVE-2022-23305 https://access.redhat.com/security/cve/CVE-2022-23307 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/ https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYlRUqtzjgjWX9erEAQhXfxAApQ6HkBUo8Tg+GWEosSpAx0AEsVPMojWK HU3uJRF8jp0KXqchc+KVlalBJAWHPBUDr4xBpsISqwr7T/9iYonKlo4ijA/68b2K khbFyt6o6i2dXrYygT5fcMtukSjN2T/hfCc2ZE2yiHTO3Ou4AALyZ2xCyYtfSpuZ rZLVvgCWrnak2msgkoNl0/sZxnjw6b+ZJczKkq3QqPVWOYlV/Qdl5NGy16i0rbEo P1rWXJrOUlEBctJEs756cqeIJesYKHZqqPx/kHaNyzdxDh99hKGZx7oturscAN6e sPfSSdyd5jsOcWD7UlHV9ukoPQxf1ouVBa0qkpL0wCoR3GFF6Pls1bMEFzUoz3/R IwagVxsr38duK3isv34l6IQ+RP0oSWN0rgPUu69tAlEV+YwLgA5JUOpz1i7FTmXt l3i5+wMlo9Xc/Hy+j7unW8Do7s/i0YuFVTuM6H9KEITuFjgFA2tB9CpzoAFzWLk0 U8zCL80Rwy1wiMydSrLjtg3YUPB6ibh2NJ02O7R+bNhJ8bN4yuDuWkDqy4VdPXGp zhed3dZmYAXD9/x+mnfghcbJZwigzGT9Qv78zYafB3f8K7cEVEDJK3aZMOkkh9ca dcaLs5WRv8ZTytFPv+KGKRJ/cc/UHAvh8zumMZdVMp1oty/k/OYWhgaEJMWGQDCe UnHI/WwB37w= =eCh2 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . JIRA issues fixed (https://issues.jboss.org/):
LOG-2089 - resourceVersion is overflowing type Integer causing ES rejection [openshift-logging 5.0]
All OpenShift Container Platform 4.7 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html
- Solution:
For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html
- Bugs fixed (https://bugzilla.redhat.com/):
2035951 - CVE-2021-44832 log4j-core: remote code execution via JDBC Appender
5
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202112-2011", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "health sciences data management workbench", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "3.1.0.3" }, { "model": "log4j", "scope": "lt", "trust": 1.0, "vendor": "apache", "version": "2.12.4" }, { "model": "health sciences data management workbench", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "3.0.0.0" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.12.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.1.0.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.0.1" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "20.12.0" }, { "model": "log4j", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "2.13.0" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "18.8.13" }, { "model": "log4j", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "2.0.1" }, { "model": "log4j", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0" }, { "model": "log4j", "scope": "lt", "trust": 1.0, "vendor": "apache", "version": "2.17.1" }, { "model": "policy automation", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "12.2.24" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "20.12.0.0" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "19.12.0.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.12" }, { "model": "siebel ui framework", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.12" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "19.12.12" }, { "model": "retail assortment planning", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.3" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.0.1" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.0.2" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "20.12.7" }, { "model": "log4j", "scope": "lt", "trust": 1.0, "vendor": "apache", "version": "2.3.2" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "18.8.0" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "20.12.12.0" }, { "model": "primavera gateway", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.12.0" }, { "model": "cloudcenter", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "4.10.0.16" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.12" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "35" }, { "model": "health sciences data management workbench", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.5.2.1" }, { "model": "log4j", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "2.4" }, { "model": "communications diameter signaling router", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.0" }, { "model": "policy automation for mobile devices", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "12.2.24" }, { "model": "retail order broker", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.0" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "19.12.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "34" }, { "model": "communications diameter signaling router", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.5.1.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.0.4" }, { "model": "communications offline mediation controller", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.4.4" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "19.12.18.0" }, { "model": "communications diameter signaling router", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.3.0.0" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.12" }, { "model": "communications interactive session recorder", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.3" }, { "model": "policy automation", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "12.2.0" }, { "model": "communications interactive session recorder", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.4" }, { "model": "retail fiscal management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2" }, { "model": "product lifecycle analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "3.6.1" }, { "model": "communications brm - elastic charging engine", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.5.0" }, { "model": "siebel ui framework", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "21.12" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.8" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.0.3" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12.11" }, { "model": "flexcube private banking", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.1.0" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.12.0.0" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "19.12.0" }, { "model": "policy automation for mobile devices", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "12.2.0" }, { "model": "retail order broker", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.1" }, { "model": "communications offline mediation controller", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.5.0" }, { "model": "communications brm - elastic charging engine", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.4.6" } ], "sources": [ { "db": "NVD", "id": "CVE-2021-44832" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:log4j:2.0:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:log4j:2.0:beta9:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:log4j:2.0:rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:log4j:2.0:beta8:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:log4j:2.0:beta7:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:log4j:2.0:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.17.1", "versionStartIncluding": "2.13.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.12.4", "versionStartIncluding": "2.4", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.3.2", "versionStartIncluding": "2.0.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12.11", "versionStartIncluding": "17.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "20.12.7", "versionStartIncluding": "20.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_assortment_planning:16.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:21.12.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "20.12.12.0", "versionStartIncluding": "20.12.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:21.12.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.12.12", "versionStartIncluding": "19.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "18.8.13", "versionStartIncluding": "18.8.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_fiscal_management:14.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.12.18.0", "versionStartIncluding": "19.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:siebel_ui_framework:21.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.5.1.0", "versionStartIncluding": "8.0.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:cisco:cloudcenter:4.10.0.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12.11", "versionStartIncluding": "17.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:19.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "20.12.7", "versionStartIncluding": "20.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "21.12", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:21.12.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "20.12.12.0", "versionStartIncluding": "20.12.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.12.18.0", "versionStartIncluding": "19.12.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:21.12.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.12.12", "versionStartIncluding": "19.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "18.8.13", "versionStartIncluding": "18.8.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.5.1.0", "versionStartIncluding": "8.3.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "12.2.24", "versionStartIncluding": "12.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:product_lifecycle_analytics:3.6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:health_sciences_data_management_workbench:2.5.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "12.0.0.4.6", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:21.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "12.2.24", "versionStartIncluding": "12.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:health_sciences_data_management_workbench:3.0.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:health_sciences_data_management_workbench:3.1.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_offline_mediation_controller:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "12.0.0.4.4", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-44832" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "165632" }, { "db": "PACKETSTORM", "id": "165636" }, { "db": "PACKETSTORM", "id": "165637" }, { "db": "PACKETSTORM", "id": "166676" }, { "db": "PACKETSTORM", "id": "165652" }, { "db": "PACKETSTORM", "id": "165651" }, { "db": "PACKETSTORM", "id": "166022" }, { "db": "PACKETSTORM", "id": "166020" } ], "trust": 0.8 }, "cve": "CVE-2021-44832", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 6.8, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 6.8, "id": "VHN-408213", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:S/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULMON", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 6.8, "id": "CVE-2021-44832", "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 0.7, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-44832", "trust": 1.0, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-408213", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2021-44832", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-408213" }, { "db": "VULMON", "id": "CVE-2021-44832" }, { "db": "NVD", "id": "CVE-2021-44832" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2. Apache Log4j is a Java-based open source logging tool of the Apache Foundation. Apache Log4j2 2.0-beta7 to 2.17.0 versions have a security vulnerability, which stems from the lack of effective protection and filtering for JDBC Appender and JNDI in the software. The purpose of this\ntext-only errata is to inform you about the security issues fixed in this\nrelease. \n\nInstallation instructions are available from the Fuse product documentation\npages:\n\nFuse 7.8:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/html/installing_on_apache_karaf/apply-hotfix-patch\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/html/deploying_into_spring_boot/patch-red-hat-fuse-applications\n\nFuse 7.9:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/html/installing_on_apache_karaf/apply-hotfix-patch\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/html/deploying_into_spring_boot/patch-red-hat-fuse-applications\n\nFuse 7.10:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/html/installing_on_apache_karaf/apply-hotfix-patch\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/html/deploying_into_spring_boot/patch-red-hat-fuse-applications\n\n4. \n\nThe References section of this erratum contains a download link for the\nupdate. You must be logged in to download the update. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Low: Red Hat JBoss Enterprise Application Platform 7.4.4 security update\nAdvisory ID: RHSA-2022:1297-01\nProduct: Red Hat JBoss Enterprise Application Platform\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:1297\nIssue date: 2022-04-11\nCVE Names: CVE-2021-4104 CVE-2021-44832 CVE-2021-45046 \n CVE-2021-45105 CVE-2022-23302 CVE-2022-23305 \n CVE-2022-23307 \n=====================================================================\n\n1. Summary:\n\nA security update is now available for Red Hat JBoss Enterprise Application\nPlatform 7.4 for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Low. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss EAP 7.4 for RHEL 8 - noarch, x86_64\n\n3. Description:\n\nRed Hat JBoss Enterprise Application Platform 7 is a platform for Java\napplications based on the WildFly application runtime. \n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.4 serves\nas a replacement for Red Hat JBoss Enterprise Application Platform 7.4.3\nand includes bug fixes and enhancements. See the Red Hat JBoss Enterprise\nApplication Platform 7.4.4 Release Notes for information about the most\nsignificant bug fixes and enhancements included in this release. \n\nSecurity Fix(es):\n\n* log4j: SQL injection in Log4j 1.x when application is configured to use\nJDBCAppender (CVE-2022-23305)\n\n* log4j: Unsafe deserialization flaw in Chainsaw log viewer\n(CVE-2022-23307)\n\n* log4j: Remote code execution in Log4j 1.x when application is configured\nto use JMSAppender (CVE-2021-4104)\n\n* log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)\n\n* log4j-core: DoS in log4j 2.x with thread context message pattern and\ncontext lookup pattern (incomplete fix for CVE-2021-44228) (CVE-2021-45046)\n\n* log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data\ncontains a recursive lookup and context lookup pattern (CVE-2021-45105)\n\n* log4j: Remote code execution in Log4j 1.x when application is configured\nto use JMSSink (CVE-2022-23302)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nBefore applying this update, back up your existing Red Hat JBoss Enterprise\nApplication Platform installation and deployed applications. \n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2031667 - CVE-2021-4104 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender\n2032580 - CVE-2021-45046 log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)\n2034067 - CVE-2021-45105 log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern\n2035951 - CVE-2021-44832 log4j-core: remote code execution via JDBC Appender\n2041949 - CVE-2022-23302 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink\n2041959 - CVE-2022-23305 log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender\n2041967 - CVE-2022-23307 log4j: Unsafe deserialization flaw in Chainsaw log viewer\n\n6. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-22105 - (7.4.z) Upgrade from com.io7m.xom:xom 1.2.10 to xom:xom 1.3.7\nJBEAP-22385 - (7.4.z) Upgrade ASM from 7.1 to 9.1\nJBEAP-22731 - (7.4.z) Upgrade Artemis from 2.16.0.redhat-00032 to 2.16.0.redhat-00034\nJBEAP-22738 - (7.4.z) Upgrade jbossws-cxf from 5.4.2.Final to 5.4.4.Final(Fix UsernameTokenElytronTestCase on SE 17)\nJBEAP-22819 - [GSS] (7.4.z) HAL-1762 - Aliases are removed from the credential store when passwords are updated from the admin console\nJBEAP-22839 - [GSS](7.4.z) Upgrade yasson from 1.0.9.redhat-00001 to 1.0.10.redhat-00001\nJBEAP-22864 - (7.4.z) Upgrade HAL from 3.3.8.Final-redhat-00001 to 3.3.9.Final-redhat-00001\nJBEAP-22900 - Tracker bug for the EAP 7.4.4 release for RHEL-8\nJBEAP-22904 - (7.4.z) Upgrade Hibernate ORM from 5.3.24.Final-redhat-00001 to 5.3.25.Final-redhat-00002\nJBEAP-22911 - (7.4.z) Upgrade OpenSSL from 2.1.3.Final-redhat-00001 to 2.2.0.Final-redhat-00001\nJBEAP-22912 - (7.4.z) Upgrade OpenSSL Natives from 2.1.0.SP01-redhat-00001 to 2.2.0.Final-redhat-00001\nJBEAP-22913 - (7.4.z) Upgrade WildFly Core from 15.0.6.Final-redhat-00003 to 15.0.7.Final-redhat-00001\nJBEAP-22935 - (7.4.z) Upgrade jboss-vfs from 3.2.15.Final-redhat-00001 to 3.2.16.Final-redhat-00001\nJBEAP-22945 - (7.4.z) Upgrade org.apache.logging.log4j from 2.14.0.redhat-00002 to 2.17.1.redhat-00001\nJBEAP-22973 - (7.4.z) Upgrade Elytron from 1.15.9.Final-redhat-00001 to 1.15.11.Final-redhat-00002\nJBEAP-23038 - (7.4.z) Upgrade galleon-plugins from 5.1.4.Final to 5.2.6.Final\nJBEAP-23040 - (7.4.z) Upgrade galleon-plugins in wildfly-core-eap from 5.1.4.Final to 5.2.6.Final\nJBEAP-23045 - (7.4.z) Upgrade Undertow from 2.2.13.SP2-redhat-00001 to 2.2.16.Final-redhat-0001\nJBEAP-23101 - (7.4.z) Upgrade Infinispan from 11.0.12.Final to 11.0.15.Final\nJBEAP-23105 - (7.4.z) Upgrade Narayana from 5.11.3.Final-redhat-00001 to 5.11.4.Final-redhat-00001\nJBEAP-23143 - (7.4.z) Upgrade from org.eclipse.jdt.core.compiler:ecj:4.6.1 to org.eclipse.jdt:ecj:3.26\nJBEAP-23177 - (7.4.z) Upgrade XNIO from 3.8.5.SP1-redhat-00001 to 3.8.6.Final-redhat-00001\nJBEAP-23323 - [GSS](7.4.z) WFLY-16112 - Batch JobOperatorService should look for only active job names to stop during suspend\nJBEAP-23373 - (7.4.z) Upgrade OpenSSL from 2.2.0.Final-redhat-00001 to 2.2.0.Final-redhat-00002\nJBEAP-23374 - (7.4.z) Upgrade WildFly Core from 15.0.7.Final-redhat-00001 to 15.0.8.Final-redhat-00001\nJBEAP-23375 - (7.4.z) Upgrade OpenSSL Natives from 2.2.0.Final-redhat-00001 to 2.2.0.Final-redhat-00002\n\n7. Package List:\n\nRed Hat JBoss EAP 7.4 for RHEL 8:\n\nSource:\neap7-activemq-artemis-2.16.0-7.redhat_00034.1.el8eap.src.rpm\neap7-ecj-3.26.0-1.redhat_00002.1.el8eap.src.rpm\neap7-hal-console-3.3.9-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-hibernate-5.3.25-1.Final_redhat_00002.1.el8eap.src.rpm\neap7-infinispan-11.0.15-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-jboss-server-migration-1.10.0-15.Final_redhat_00014.1.el8eap.src.rpm\neap7-jboss-vfs-3.2.16-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-jboss-xnio-base-3.8.6-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-jbossws-cxf-5.4.4-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-log4j-2.17.1-1.redhat_00001.1.el8eap.src.rpm\neap7-narayana-5.11.4-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-objectweb-asm-9.1.0-1.redhat_00002.1.el8eap.src.rpm\neap7-undertow-2.2.16-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-wildfly-7.4.4-3.GA_redhat_00011.1.el8eap.src.rpm\neap7-wildfly-elytron-1.15.11-1.Final_redhat_00002.1.el8eap.src.rpm\neap7-wildfly-openssl-2.2.0-3.Final_redhat_00002.1.el8eap.src.rpm\neap7-wildfly-openssl-el8-x86_64-2.2.0-2.Final_redhat_00002.1.el8eap.src.rpm\neap7-xom-1.3.7-1.redhat_00001.1.el8eap.src.rpm\neap7-yasson-1.0.10-1.redhat_00001.1.el8eap.src.rpm\n\nnoarch:\neap7-activemq-artemis-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-cli-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-commons-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-core-client-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-dto-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-hornetq-protocol-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-hqclient-protocol-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-jdbc-store-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-jms-client-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-jms-server-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-journal-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-ra-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-selector-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-server-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-service-extensions-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-tools-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-ecj-3.26.0-1.redhat_00002.1.el8eap.noarch.rpm\neap7-hal-console-3.3.9-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-hibernate-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-hibernate-core-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-hibernate-entitymanager-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-hibernate-envers-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-hibernate-java8-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-infinispan-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-infinispan-cachestore-jdbc-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-infinispan-cachestore-remote-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-infinispan-client-hotrod-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-infinispan-commons-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-infinispan-component-annotations-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-infinispan-core-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-infinispan-hibernate-cache-commons-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-infinispan-hibernate-cache-spi-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-infinispan-hibernate-cache-v53-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-jboss-server-migration-1.10.0-15.Final_redhat_00014.1.el8eap.noarch.rpm\neap7-jboss-server-migration-cli-1.10.0-15.Final_redhat_00014.1.el8eap.noarch.rpm\neap7-jboss-server-migration-core-1.10.0-15.Final_redhat_00014.1.el8eap.noarch.rpm\neap7-jboss-vfs-3.2.16-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-jboss-xnio-base-3.8.6-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-jbossws-cxf-5.4.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-log4j-2.17.1-1.redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-compensations-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-jbosstxbridge-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-jbossxts-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-jts-idlj-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-jts-integration-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-restat-api-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-restat-bridge-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-restat-integration-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-restat-util-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-txframework-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-objectweb-asm-9.1.0-1.redhat_00002.1.el8eap.noarch.rpm\neap7-undertow-2.2.16-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-wildfly-7.4.4-3.GA_redhat_00011.1.el8eap.noarch.rpm\neap7-wildfly-elytron-1.15.11-1.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-wildfly-elytron-tool-1.15.11-1.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-wildfly-javadocs-7.4.4-3.GA_redhat_00011.1.el8eap.noarch.rpm\neap7-wildfly-modules-7.4.4-3.GA_redhat_00011.1.el8eap.noarch.rpm\neap7-wildfly-openssl-2.2.0-3.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-wildfly-openssl-java-2.2.0-3.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-xom-1.3.7-1.redhat_00001.1.el8eap.noarch.rpm\neap7-yasson-1.0.10-1.redhat_00001.1.el8eap.noarch.rpm\n\nx86_64:\neap7-wildfly-openssl-el8-x86_64-2.2.0-2.Final_redhat_00002.1.el8eap.x86_64.rpm\neap7-wildfly-openssl-el8-x86_64-debuginfo-2.2.0-2.Final_redhat_00002.1.el8eap.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n8. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-4104\nhttps://access.redhat.com/security/cve/CVE-2021-44832\nhttps://access.redhat.com/security/cve/CVE-2021-45046\nhttps://access.redhat.com/security/cve/CVE-2021-45105\nhttps://access.redhat.com/security/cve/CVE-2022-23302\nhttps://access.redhat.com/security/cve/CVE-2022-23305\nhttps://access.redhat.com/security/cve/CVE-2022-23307\nhttps://access.redhat.com/security/updates/classification/#low\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/\n\n9. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYlRUqtzjgjWX9erEAQhXfxAApQ6HkBUo8Tg+GWEosSpAx0AEsVPMojWK\nHU3uJRF8jp0KXqchc+KVlalBJAWHPBUDr4xBpsISqwr7T/9iYonKlo4ijA/68b2K\nkhbFyt6o6i2dXrYygT5fcMtukSjN2T/hfCc2ZE2yiHTO3Ou4AALyZ2xCyYtfSpuZ\nrZLVvgCWrnak2msgkoNl0/sZxnjw6b+ZJczKkq3QqPVWOYlV/Qdl5NGy16i0rbEo\nP1rWXJrOUlEBctJEs756cqeIJesYKHZqqPx/kHaNyzdxDh99hKGZx7oturscAN6e\nsPfSSdyd5jsOcWD7UlHV9ukoPQxf1ouVBa0qkpL0wCoR3GFF6Pls1bMEFzUoz3/R\nIwagVxsr38duK3isv34l6IQ+RP0oSWN0rgPUu69tAlEV+YwLgA5JUOpz1i7FTmXt\nl3i5+wMlo9Xc/Hy+j7unW8Do7s/i0YuFVTuM6H9KEITuFjgFA2tB9CpzoAFzWLk0\nU8zCL80Rwy1wiMydSrLjtg3YUPB6ibh2NJ02O7R+bNhJ8bN4yuDuWkDqy4VdPXGp\nzhed3dZmYAXD9/x+mnfghcbJZwigzGT9Qv78zYafB3f8K7cEVEDJK3aZMOkkh9ca\ndcaLs5WRv8ZTytFPv+KGKRJ/cc/UHAvh8zumMZdVMp1oty/k/OYWhgaEJMWGQDCe\nUnHI/WwB37w=\n=eCh2\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-2089 - resourceVersion is overflowing type Integer causing ES rejection [openshift-logging 5.0]\n\n6. \n\nAll OpenShift Container Platform 4.7 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html\n\n3. Solution:\n\nFor OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2035951 - CVE-2021-44832 log4j-core: remote code execution via JDBC Appender\n\n5", "sources": [ { "db": "NVD", "id": "CVE-2021-44832" }, { "db": "VULHUB", "id": "VHN-408213" }, { "db": "VULMON", "id": "CVE-2021-44832" }, { "db": "PACKETSTORM", "id": "165632" }, { "db": "PACKETSTORM", "id": "165636" }, { "db": "PACKETSTORM", "id": "165637" }, { "db": "PACKETSTORM", "id": "166676" }, { "db": "PACKETSTORM", "id": "165652" }, { "db": "PACKETSTORM", "id": "165651" }, { "db": "PACKETSTORM", "id": "166022" }, { "db": "PACKETSTORM", "id": "166020" } ], "trust": 1.8 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-44832", "trust": 2.0 }, { "db": "SIEMENS", "id": "SSA-784507", "trust": 1.1 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2021/12/28/1", "trust": 1.1 }, { "db": "PACKETSTORM", "id": "166020", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "165637", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "165652", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "165651", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "166022", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "165636", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "165632", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "165516", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "165653", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "165750", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "165927", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "165649", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "165659", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "165564", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "165650", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "165645", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "165711", "trust": 0.1 }, { "db": "CNNVD", "id": "CNNVD-202112-2743", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-408213", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2021-44832", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "166676", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-408213" }, { "db": "VULMON", "id": "CVE-2021-44832" }, { "db": "PACKETSTORM", "id": "165632" }, { "db": "PACKETSTORM", "id": "165636" }, { "db": "PACKETSTORM", "id": "165637" }, { "db": "PACKETSTORM", "id": "166676" }, { "db": "PACKETSTORM", "id": "165652" }, { "db": "PACKETSTORM", "id": "165651" }, { "db": "PACKETSTORM", "id": "166022" }, { "db": "PACKETSTORM", "id": "166020" }, { "db": "NVD", "id": "CVE-2021-44832" } ] }, "id": "VAR-202112-2011", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-408213" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T21:55:35.394000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Debian CVElist Bug Report Logs: apache-log4j2: CVE-2021-44832: remote code execution via JDBC Appender", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=5e48a524651ae46e6ca9ac28bf933dcd" }, { "title": "Red Hat: Moderate: OpenShift Container Platform 4.6.54 extras and security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20220181 - security advisory" }, { "title": "Red Hat: Important: Red Hat AMQ Streams 1.6.7 release and security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20220467 - security advisory" }, { "title": "Red Hat: Low: Red Hat JBoss Enterprise Application Platform 7.4.4 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221297 - security advisory" }, { "title": "Amazon Linux 2: ALAS2-2022-1734", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2022-1734" }, { "title": "Red Hat: Low: Red Hat JBoss Enterprise Application Platform 7.4.4 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221296 - security advisory" }, { "title": "Red Hat: CVE-2021-44832", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2021-44832" }, { "title": "IBM: Security Bulletin: IBM Operations Analytics Predictive Insights impacted by Apache Log4j vulnerabilities (CVE-2021-44832)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=fcd7c03d55043b4b7009ca8b920eb0ba" }, { "title": "Red Hat: Low: Red Hat JBoss Enterprise Application Platform 7.4.4 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221299 - security advisory" }, { "title": "IBM: Security Bulletin: Vulnerabilities from log4j-core-2.16.0.jar affect IBM Operations Analytics \u00e2\u20ac\u201c Log Analysis (CVE-2021-44832, CVE-2021-45105)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=56eb883672063a8cb42fae9e94dc10a9" }, { "title": "Red Hat: Moderate: OpenShift Container Platform 4.7.43 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20220493 - security advisory" }, { "title": "Red Hat: Moderate: OpenShift Container Platform 4.8.31 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20220485 - security advisory" }, { "title": "Amazon Linux 2022: ALAS2022-2022-011", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=alas2022-2022-011" }, { "title": "IBM: Security Bulletin: A vulnerability in Apache Log4j affects some features of IBM\u00c2\u00ae Db2\u00c2\u00ae (CVE-2021-44832)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=e5bceef16eb57f063a2b356f344b5f60" }, { "title": "IBM: Security Bulletin: Due to use of Apache Log4j, IBM QRadar SIEM is vulnerable to arbitrary code execution (CVE-2019-17571, CVE-2021-44832, CVE-2021-4104)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=a0cbd5f5df3a9f322684d99eeb2b9429" }, { "title": "IBM: Security Bulletin: Multiple vulnerabilities in Apache Log4j affects some features of IBM\u00c2\u00ae Db2\u00c2\u00ae (CVE-2021-45046, CVE-2021-45105)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=073d7506d5d6ad6fb03dbf8d511bb92e" }, { "title": "IBM: Security Bulletin: Vulnerability in Apache Log4j affects some features of IBM\u00c2\u00ae Db2\u00c2\u00ae (CVE-2021-44228)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=7be059b2ea8ddccc8012a9cd63f3f993" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=aff264acb8f6c42a7eec74ebc9aac61e" }, { "title": "Cisco: Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-apache-log4j-qruknebd" }, { "title": "Citrix Security Bulletins: Citrix Security Advisory for CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 and CVE-2021-44832.", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=f1a2b6f4f4568786daf1fc5e893e9283" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=42e3d15623cd7650d7ccb17534ee39a8" }, { "title": "Amazon Linux 2022: ALAS-2022-225", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=alas-2022-225" }, { "title": "aws-msk-iam-auth", "trust": 0.1, "url": "https://github.com/aws/aws-msk-iam-auth " }, { "title": "FuelSDK-Java", "trust": 0.1, "url": "https://github.com/salesforce-marketingcloud/fuelsdk-java " }, { "title": "mule-3.x-log4j-update-script", "trust": 0.1, "url": "https://github.com/yhorndt/mule-3.x-log4j-update-script " }, { "title": "fix_log4j2", "trust": 0.1, "url": "https://github.com/yundinglab/fix_log4j2 " } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-44832" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-408213" }, { "db": "NVD", "id": "CVE-2021-44832" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.1, "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-log4j-qruknebd" }, { "trust": 1.1, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf" }, { "trust": 1.1, "url": "https://security.netapp.com/advisory/ntap-20220104-0001/" }, { "trust": 1.1, "url": "https://issues.apache.org/jira/browse/log4j2-3293" }, { "trust": 1.1, "url": "https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "trust": 1.1, "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00036.html" }, { "trust": 1.1, "url": "http://www.openwall.com/lists/oss-security/2021/12/28/1" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/evv25fxl4fu5x6x5bsl7rlq7t6f65mra/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/t57mpjuw3ma6qgwzrtmchhmmpqnvkgfc/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44832" }, { "trust": 0.8, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.8, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.8, "url": "https://access.redhat.com/security/cve/cve-2021-44832" }, { "trust": 0.8, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.5, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-45046" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-45105" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2021-45105" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2021-45046" }, { "trust": 0.2, "url": "https://access.redhat.com/security/vulnerabilities/rhsb-2021-009" }, { "trust": 0.2, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#low" }, { "trust": 0.2, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/" }, { "trust": 0.2, "url": "https://issues.jboss.org/):" }, { "trust": 0.2, "url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html" }, { "trust": 0.2, "url": "https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-21248" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3521" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-21296" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-21299" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21283" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-21341" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21360" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21299" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21282" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21294" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-21360" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21305" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21293" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21341" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-21293" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-21282" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21248" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-21294" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-21283" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21296" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-21365" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-21305" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-21340" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21340" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21365" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-3521" }, { "trust": 0.1, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/t57mpjuw3ma6qgwzrtmchhmmpqnvkgfc/" }, { "trust": 0.1, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/evv25fxl4fu5x6x5bsl7rlq7t6f65mra/" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/html/deploying_into_spring_boot/patch-red-hat-fuse-applications" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/html/installing_on_apache_karaf/apply-hotfix-patch" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=jboss.fuse\u0026version=7.09.0" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/html/installing_on_apache_karaf/apply-hotfix-patch" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=jboss.fuse\u0026version=7.10.0" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/html/installing_on_apache_karaf/apply-hotfix-patch" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/html/deploying_into_spring_boot/patch-red-hat-fuse-applications" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-44228" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44228" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:0203" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=jboss.fuse\u0026version=7.08.0" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/html/deploying_into_spring_boot/patch-red-hat-fuse-applications" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=appplatform\u0026version=7.4" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:0216" }, { "trust": 0.1, "url": "https://access.redhat.com/solutions/6577421" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:0083" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product\\xcatrhoar.eclipse.vertx\u0026version=4.1.8" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_build_of_eclipse_vert.x/4.1/html/release_notes_for_eclipse_vert.x_4.1/index" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23307" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23302" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:1297" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23305" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-4104" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-23302" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-23305" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-23307" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4104" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:0225" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27292" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:0226" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-27292" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhba-2022:0484" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:0485" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:0493" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:0492" } ], "sources": [ { "db": "VULHUB", "id": "VHN-408213" }, { "db": "PACKETSTORM", "id": "165632" }, { "db": "PACKETSTORM", "id": "165636" }, { "db": "PACKETSTORM", "id": "165637" }, { "db": "PACKETSTORM", "id": "166676" }, { "db": "PACKETSTORM", "id": "165652" }, { "db": "PACKETSTORM", "id": "165651" }, { "db": "PACKETSTORM", "id": "166022" }, { "db": "PACKETSTORM", "id": "166020" }, { "db": "NVD", "id": "CVE-2021-44832" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-408213" }, { "db": "VULMON", "id": "CVE-2021-44832" }, { "db": "PACKETSTORM", "id": "165632" }, { "db": "PACKETSTORM", "id": "165636" }, { "db": "PACKETSTORM", "id": "165637" }, { "db": "PACKETSTORM", "id": "166676" }, { "db": "PACKETSTORM", "id": "165652" }, { "db": "PACKETSTORM", "id": "165651" }, { "db": "PACKETSTORM", "id": "166022" }, { "db": "PACKETSTORM", "id": "166020" }, { "db": "NVD", "id": "CVE-2021-44832" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-12-28T00:00:00", "db": "VULHUB", "id": "VHN-408213" }, { "date": "2021-12-28T00:00:00", "db": "VULMON", "id": "CVE-2021-44832" }, { "date": "2022-01-20T17:49:05", "db": "PACKETSTORM", "id": "165632" }, { "date": "2022-01-20T17:49:52", "db": "PACKETSTORM", "id": "165636" }, { "date": "2022-01-20T17:50:03", "db": "PACKETSTORM", "id": "165637" }, { "date": "2022-04-11T17:14:49", "db": "PACKETSTORM", "id": "166676" }, { "date": "2022-01-21T15:31:01", "db": "PACKETSTORM", "id": "165652" }, { "date": "2022-01-21T15:30:48", "db": "PACKETSTORM", "id": "165651" }, { "date": "2022-02-17T16:56:10", "db": "PACKETSTORM", "id": "166022" }, { "date": "2022-02-17T16:54:19", "db": "PACKETSTORM", "id": "166020" }, { "date": "2021-12-28T20:15:08.400000", "db": "NVD", "id": "CVE-2021-44832" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-08-09T00:00:00", "db": "VULHUB", "id": "VHN-408213" }, { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2021-44832" }, { "date": "2023-11-07T03:39:43.957000", "db": "NVD", "id": "CVE-2021-44832" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "166676" } ], "trust": 0.1 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat Security Advisory 2022-0203-03", "sources": [ { "db": "PACKETSTORM", "id": "165632" } ], "trust": 0.1 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code execution", "sources": [ { "db": "PACKETSTORM", "id": "165632" }, { "db": "PACKETSTORM", "id": "165636" }, { "db": "PACKETSTORM", "id": "165637" }, { "db": "PACKETSTORM", "id": "165652" }, { "db": "PACKETSTORM", "id": "165651" }, { "db": "PACKETSTORM", "id": "166022" }, { "db": "PACKETSTORM", "id": "166020" } ], "trust": 0.7 } }
cisco-sa-apache-log4j-qruknebd
Vulnerability from csaf_cisco
Notes
{ "document": { "acknowledgments": [ { "summary": "These vulnerabilities were disclosed by the Apache Software Foundation." } ], "category": "csaf_security_advisory", "csaf_version": "2.0", "notes": [ { "category": "summary", "text": "Critical Vulnerabilities in Apache Log4j Java Logging Library\r\n\r\nOn December 9, 2021, the following critical vulnerability in the Apache Log4j Java logging library affecting all Log4j2 versions earlier than 2.15.0 was disclosed:\r\n\r\nCVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints\r\n\r\nOn December 14, 2021, the following critical vulnerability, which affects certain Apache Log4j use cases in versions 2.15.0 and earlier, was disclosed:\r\n\r\nCVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack\r\n\r\nOn December 18, 2021, a vulnerability in the Apache Log4j component affecting versions 2.16 and earlier was disclosed:\r\n\r\nCVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation\r\n\r\nOn December 28, 2021, a vulnerability in the Apache Log4j component affecting versions 2.17 and earlier was disclosed:\r\n\r\nCVE-2021-44832: Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration\r\n\r\nFor a description of these vulnerabilities, see the Apache Log4j Security Vulnerabilities [\"https://logging.apache.org/log4j/2.x/security.html\"] page.\r\n\r\nCisco\u0027s Response to These Vulnerabilities\r\n\r\nCisco assessed all products and services for impact from both CVE-2021-44228 and CVE-2021-45046. To help detect exploitation of these vulnerabilities, Cisco has released Snort rules at the following location: Talos Rules 2021-12-21 [\"https://www.snort.org/advisories/talos-rules-2021-12-21\"]\r\n\r\nProduct fixes that are listed in this advisory will address both CVE-2021-44228 and CVE-2021-45046 unless otherwise noted.\r\n\r\nCisco has reviewed CVE-2021-45105 and CVE-2021-44832 and has determined that no Cisco products or cloud offerings are impacted by these vulnerabilities.\r\n\r\nCisco\u0027s standard practice is to update integrated third-party software components to later versions as they become available.\r\n\r\nThis advisory is available at the following link:\r\nhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd [\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd\"]", "title": "Summary" }, { "category": "general", "text": "Cisco investigated its product line to determine which products may be affected by these vulnerabilities.\r\n\r\nThis advisory only lists Cisco products and services that are known to include the impacted software component and thus may be vulnerable. Products and services that do not contain the impacted software component are not vulnerable and therefore are not listed in this advisory. Any Cisco product or service that is not explicitly listed in the Affected Products section of this advisory is not affected by the vulnerability or vulnerabilities described.\r\n\r\nThe Vulnerable Products [\"#vp\"] section includes Cisco bug IDs for each affected product. The bugs are accessible through the Cisco Bug Search Tool and contain additional platform-specific information, including workarounds (if available) and fixed software releases.", "title": "Affected Products" }, { "category": "general", "text": "Cisco investigated its product line to determine which products may be affected by these vulnerabilities.\r\n\r\nThe following table lists Cisco products that are affected by one or both of the vulnerabilities that are described in this advisory. Customers should refer to the associated Cisco bug(s) for further details.\r\n Product Cisco Bug ID Fixed Release Availability [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes\"] Collaboration and Social Media Cisco Webex Meetings Server CSCwa47283 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47283\"] CWMS-3.0MR4SP3 patch (21 Dec 2021)\r\nCWMS-4.0MR4SP3 patch (21 Dec 2021)\r\nCWMS-3.0MR4SP2 patch (14 Dec 2021)\r\nCWMS-4.0MR4SP2 patch (14 Dec 2021) Endpoint Clients and Client Software Cisco CX Cloud Agent Software CSCwa47272 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47272\"] 1.12.2 (17 Dec 2021) Network Application, Service, and Acceleration Cisco Call Studio CSCwa54008 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa54008\"] 11.6(2) (23 Dec 2021)\r\n12.0(1) (23 Dec 2021)\r\n12.5(1) (23 Dec 2021)\r\n12.6(1) (23 Dec 2021) Cisco Nexus Insights CSCwa47284 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47284\"] 6.0.2 (17 Dec 2021) Network and Content Security Devices Cisco Firepower Threat Defense (FTD) managed by Firepower Device Manager (FDM) CSCwa46963 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa46963\"] 6.2.3 hotfix (Available)\r\n6.4.0 hotfix (Available)\r\n6.6.5 hotfix (Available)\r\n6.7.0 hotfix (Available)\r\n7.0.1 hotfix (Available)\r\n7.1.0 hotfix (Available) Cisco Identity Services Engine (ISE) CSCwa47133 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47133\"] 2.4 hotfix (15 Dec 2021)\r\n2.6 hotfix (15 Dec 2021)\r\n2.7 hotfix (15 Dec 2021)\r\n3.0 hotfix (15 Dec 2021)\r\n3.1 hotfix (17 Dec 2021) Network Management and Provisioning Cisco Application Policy Infrastructure Controller (APIC) - Network Insights Base App CSCwa47295 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47295\"] 4.2(7r) (Available)\r\n5.2(3g) (Available) Cisco Automated Subsea Tuning CSCwa48806 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa48806\"] 2.1.0.4 (22 Dec 2021) Cisco Business Process Automation CSCwa47269 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47269\"] 3.0.000.115 (patch) (17 Dec 2021)\r\n3.1.000.044 (patch) (17 Dec 2021)\r\n3.2.000.009 (patch) (17 Dec 2021) Cisco CloudCenter Cost Optimizer CSCwa48074 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa48074\"] 5.5.2 (Available) Cisco CloudCenter Suite Admin CSCwa47349 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47349\"] 5.3.1 (Available) Cisco CloudCenter Workload Manager CSCwa47350 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47350\"] 5.5.2 (Available) Cisco CloudCenter CSCwa48832 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa48832\"] 4.10.0.16 (22 Dec 2021) Cisco Common Services Platform Collector (CSPC) CSCwa47271 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47271\"] 2.10.0.1 hotfix (Available)\r\n2.9.1.3 hotfix (Available) Cisco Crosswork Data Gateway CSCwa47257 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47257\"] 2.0.2 patch (21 Dec 2021)\r\n3.0.1 patch (21 Dec 2021) Cisco Crosswork Network Controller CSCwa49936 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa49936\"] 2.0.1 patch (22 Dec 2021)\r\n3.0.1 patch (22 Dec 2021) Cisco Crosswork Optimization Engine CSCwa49939 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa49939\"] 2.0.1 patch (21 Dec 2021)\r\n3.0.1 patch (21 Dec 2021) Cisco Crosswork Platform Infrastructure CSCwa47367 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47367\"] 4.0.1 patch (22 Dec 2021)\r\n4.1.1 patch (22 Dec 2021) Cisco Crosswork Situation Manager CSCwa51878 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa51878\"] 8.0.0.8 patch (21 Dec 2021) Cisco Crosswork Zero Touch Provisioning (ZTP) CSCwa47259 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47259\"] 2.0.1 patch (21 Dec 2021)\r\n3.0.1 patch (21 Dec 2021) Cisco Cyber Vision Sensor Management Extension CSCwa49482 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa49482\"] 4.0.3 (22 Dec 2021) Cisco DNA Spaces Connector CSCwa47320 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47320\"] v2.0.588 (Available)\r\nv2.2.12 (Available) Cisco Data Center Network Manager (DCNM) CSCwa47291 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47291\"] 12.0(2f) (Available)\r\n11.5(3) patch (Available)\r\n11.5(2) patch (Available)\r\n11.5(1) patch (Available)\r\n11.4(1) patch (Available)\r\n11.3(1) patch (Available) Cisco Evolved Programmable Network Manager CSCwa47310 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47310\"] 5.1.3.1 patch (22 Dec 2021)\r\n5.0.2.1 patch (13 Jan 2022)\r\n4.1.1.1 patch (13 Jan 2022) Cisco Intersight Virtual Appliance CSCwa47304 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47304\"] 1.0.9-361 (20 Dec 2021) Cisco Network Services Orchestrator (NSO) CSCwa47342 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47342\"] nso-5.3.5.1 (17 Dec 2021)\r\nnso-5.4.5.2 (17 Dec 2021)\r\nnso-5.5.4.1 (17 Dec 2021)\r\nnso-5.6.3.1 (17 Dec 2021) Cisco Nexus Dashboard, formerly Cisco Application Services Engine CSCwa47299 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47299\"] 2.1.2 (23 Dec 2021) Cisco Prime Service Catalog CSCwa47347 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47347\"] 12.1 patch (20 Dec 2021) Cisco Secure Agile Exchange (SAE) Core Function Pack CSCwa52921 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa52921\"] 2.4.1 (14 Jan 2022) Cisco Smart PHY CSCwa50021 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa50021\"] 3.1.4 patch (Available)\r\n3.2.0 patch (Available)\r\n3.2.1 patch (Available)\r\n21.3 patch (21 Jan 2022) Cisco Virtual Topology System (VTS) CSCwa47334 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47334\"] 2.6.7 (22 Dec 2021) Cisco Virtualized Infrastructure Manager CSCwa49924 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa49924\"] 3.2.x patch (17 Dec 2021)\r\n3.4.4 patch (17 Dec 2021)\r\n3.4.6 patch (17 Dec 2021)\r\n4.2.0 patch (17 Dec 2021)\r\n4.2.1 patch (17 Dec 2021) Cisco WAN Automation Engine (WAE) CSCwa47369 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47369\"] 7.5.0.1 (22 Dec 2021)\r\n7.4.0.1 (28 Jan 2022)\r\n7.3.0.2 (28 Jan 2022) Routing and Switching - Enterprise and Service Provider Cisco DNA Center CSCwa47322 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47322\"] 2.2.2.8 patch (Available)\r\n2.1.2.8 patch (Available)\r\n2.2.3.4 patch (Available) Cisco IOx Fog Director CSCwa47370 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47370\"] 1.14.5 patch (16 Dec 2021)\r\n1.16.4 patch (Available) Cisco Network Assurance Engine CSCwa47285 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47285\"] 6.0.2 (23 Dec 2021) Cisco Network Convergence System 1004 CSCwa52235 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa52235\"] 7.3.2 SMU/GISO (14 Jan 2022)\r\n7.3.1 SMU (21 Jan 2022) Cisco Optical Network Controller CSCwa48793 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa48793\"] 1.1.0 (22 Dec 2021) Cisco SD-WAN vManage CSCwa47745 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47745\"] 20.3.4.1 (Available)\r\n20.6.2.1 (Available)\r\n20.5.1.1 (Available)\r\n20.4.2.1 (Available) Unified Computing Cisco Integrated Management Controller (IMC) Supervisor CSCwa47307 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47307\"] 2.3.2.1 (23 Dec 2021) Cisco UCS Central Software CSCwa47303 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47303\"] 2.0(1p) (22 Dec 2021) Cisco UCS Director CSCwa47288 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47288\"] 6.8.2.0 (23 Dec 2021) Cisco Workload Optimization Manager CSCwa50220 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa50220\"] 3.2.1 patch (Available) Voice and Unified Communications Devices Cisco BroadWorks CSCwa47315 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47315\"] 2021.11_1.162 (13 Dec 2021)\r\nap381882 (15 Dec 2021) Cisco Cloud Connect CSCwa51545 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa51545\"] 12.6(1) (Available) Cisco Contact Center Domain Manager (CCDM) CSCwa47383 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47383\"] 12.5(1) ES6 (Available)\r\n12.6(1) ES3 (Available) Cisco Contact Center Management Portal (CCMP) CSCwa47383 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47383\"] 12.5(1) ES6 (Available)\r\n12.6(1) ES3 (Available) Cisco Emergency Responder CSCwa47391 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47391\"] 11.5(4)SU9 patch (16 Dec 2021)\r\n11.5(4)SU10 patch (16 Dec 2021) Cisco Enterprise Chat and Email CSCwa47392 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47392\"] 12.0(1) patch (Available)\r\n12.5 (1) patch (Available)\r\n12.6(1) patch (Available) Cisco Finesse CSCwa46459 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa46459\"] 12.6(1)ES03 (23 Dec 2021) Cisco Packaged Contact Center Enterprise CSCwa47274 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47274\"] 11.6(2) (Available)\r\n12.0(1) (Available)\r\n12.5(1) (Available)\r\n12.6(1) (Available) Cisco Paging Server CSCwa47395 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47395\"] 14.4.2 (21 Dec 2021) Cisco Unified Communications Manager / Cisco Unified Communications Manager Session Management Edition CSCwa47249 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47249\"] 11.5(1)SU7 patch (16 Dec 2021)\r\n11.5(1)SU8 patch (16 Dec 2021)\r\n11.5(1)SU9 patch (16 Dec 2021)\r\n11.5(1)SU10 patch (16 Dec 2021)\r\n11.5(1.18119-2) through 11.5(1.23162-1) patch (16 Dec 2021) Cisco Unified Communications Manager IM \u0026Presence Service CSCwa47393 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47393\"] 11.5(1)SU7 patch (16 Dec 2021)\r\n11.5(1)SU8 patch (16 Dec 2021)\r\n11.5(1)SU9 patch (16 Dec 2021)\r\n11.5(1)SU10 patch (16 Dec 2021)\r\n11.5(1.18900-16) patch (16 Dec 2021)\r\n11.5(1.18901-3) patch (16 Dec 2021) Cisco Unified Contact Center Enterprise - Live Data server CSCwa46810 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa46810\"] 11.6(1)ES23 (23 Dec 2021)\r\n12.0(1)ES18 (23 Dec 2021)\r\n12.5(1)ES13 (23 Dec 2021)\r\n12.6(1)ES03 (23 Dec 2021) Cisco Unified Contact Center Enterprise CSCwa47273 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47273\"] 11.6(2) (Available)\r\n12.0(1) (Available)\r\n12.5(1) (Available)\r\n12.6(1) (Available) Cisco Unified Contact Center Express CSCwa47388 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47388\"] 12.5(1)SU1 (23 Dec 2021) Cisco Unified Customer Voice Portal CSCwa47275 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47275\"] 11.6(2) (Available)\r\n12.0(1) (Available)\r\n12.5(1) (Available)\r\n12.6(1) (23 Dec 2021) Cisco Unified Intelligence Center CSCwa46525 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa46525\"] 12.6(1) (23 Dec 2021) Cisco Unified SIP Proxy Software CSCwa47265 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47265\"] 10.2.1v2 patch (23 Dec 2021) Cisco Unity Connection CSCwa47387 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47387\"] 11.5(1)SU7 patch (16 Dec 2021)\r\n11.5(1)SU8 patch (16 Dec 2021)\r\n11.5(1)SU9 patch (16 Dec 2021)\r\n11.5(1)SU10 patch (16 Dec 2021)\r\n11.5(1.18119-2) through 11.5(1.23162-1) patch (16 Dec 2021) Cisco Virtualized Voice Browser CSCwa47397 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47397\"] 12.5(1) (Available)\r\n12.6(1) (23 Dec 2021) Cisco Webex Workforce Optimization CSCwa51476 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa51476\"] Product is End of Software Maintenance - No Fixes Planned Video, Streaming, TelePresence, and Transcoding Devices Cisco Video Surveillance Operations Manager CSCwa47360 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47360\"] 7.14.4 patch (Available) Cisco Vision Dynamic Signage Director CSCwa47351 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47351\"] Contact Cisco TAC for a patch\r\n6.4 SP3 (17 Jan 2021) Wireless Cisco Connected Mobile Experiences (CMX) CSCwa47312 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47312\"] 10.6.3-70 patch (Available)\r\n10.6.3-105 patch (Available)\r\n10.6.2-89 patch (Available)\r\n10.4.1 patch (Available)", "title": "Vulnerable Products" }, { "category": "general", "text": "Cisco investigated its product line to determine which products may be affected by these vulnerabilities.\r\n\r\nAny product not listed in the Products Under Investigation or Vulnerable Products section of this advisory is to be considered not vulnerable.\r\n\r\nCisco has confirmed that these vulnerabilities do not affect the following Cisco products:\r\n\r\nCable Devices\r\n\r\nCisco GS7000 Nodes\r\nCisco RF Gateway Series\r\nCisco Remote PHY 120\r\n\r\nCollaboration and Social Media\r\n\r\nCisco SocialMiner\r\n\r\nEndpoint Clients and Client Software\r\n\r\nCisco AnyConnect Secure Mobility Client\r\nCisco Jabber Guest\r\nCisco Jabber\r\nCisco Secure Endpoint, formerly Cisco Advanced Malware Protection for Endpoints\r\nCisco Webex App\r\n\r\nMeraki Products\r\n\r\nCisco Meraki Go Series\r\nCisco Meraki MR Series Cloud-Managed Wireless Access Points\r\nCisco Meraki MS Series Switches\r\nCisco Meraki MT Series Sensors\r\nCisco Meraki MV Series Cloud-Managed Smart Cameras\r\nCisco Meraki MX Series Cloud-Managed Security and SD-WAN\r\nCisco Meraki Systems Manager (SM)\r\nCisco Meraki Z-Series Cloud-Managed Teleworker Gateway\r\n\r\nNetwork Application, Service, and Acceleration\r\n\r\nCisco Cloud Services Platform 2100\r\nCisco Cloud Services Platform 5000 Series\r\nCisco Nexus Dashboard Data Broker\r\nCisco Tetration Analytics\r\nCisco Wide Area Application Services (WAAS)\r\nConfD\r\n\r\nNetwork and Content Security Devices\r\n\r\nCisco AMP Virtual Private Cloud Appliance\r\nCisco Adaptive Security Appliance (ASA) Software\r\nCisco Adaptive Security Device Manager\r\nCisco Adaptive Security Virtual Appliance (ASAv)\r\nCisco Advanced Web Security Reporting Application\r\nCisco Email Security Appliance (ESA)\r\nCisco FXOS Firepower Chassis Manager\r\nCisco Firepower Management Center\r\nCisco Firepower Next-Generation Intrusion Prevention System (NGIPS)\r\nCisco Firepower Threat Defense (FTD) managed by Cisco Firepower Management Center\r\nCisco Secure Email Encryption Add-in\r\nCisco Secure Email Encryption Plugin for Outlook\r\nCisco Secure Email Security Plugin for Outlook\r\nCisco Secure Email and Web Manager, formerly Cisco Content Security Management Appliance (SMA)\r\nCisco Secure Network Analytics, formerly Stealthwatch Enterprise, Advanced Host Group Automation (AHGA)\r\nCisco Secure Network Analytics, formerly Stealthwatch Enterprise, Flow Adapter\r\nCisco Secure Network Analytics, formerly Stealthwatch Enterprise, Network Forensics Automation (NFA)\r\nCisco Secure Network Analytics, formerly Stealthwatch Enterprise, Proxy Adapter\r\nCisco Secure Network Analytics, formerly Stealthwatch\r\nCisco Secure Services Proxy (CSSP)\r\nCisco Security Malware Analytics Appliance, formerly Cisco Threat Grid Appliance\r\nCisco Security Manager\r\nCisco Web Security Appliance (WSA)\r\n\r\nNetwork Management and Provisioning\r\n\r\nCisco ACI Multi-Site Orchestrator\r\nCisco CloudCenter Action Orchestrator\r\nCisco Connected Grid Device Manager\r\nCisco Container Platform\r\nCisco Crosswork Change Automation\r\nCisco Crosswork Health Insights\r\nCisco Crosswork Service Health\r\nCisco Elastic Services Controller (ESC)\r\nCisco Intelligent Node (iNode) Manager\r\nCisco Intersight Mobile App\r\nCisco IoT Field Network Director, formerly Cisco Connected Grid Network Management System\r\nCisco Modeling Labs\r\nCisco NCS 2000 Shelf Virtualization Orchestrator\r\nCisco Optical Network Planner\r\nCisco Policy Suite\r\nCisco Prime Access Registrar\r\nCisco Prime Cable Provisioning\r\nCisco Prime Central for Service Providers\r\nCisco Prime Collaboration Assurance\r\nCisco Prime Collaboration Deployment\r\nCisco Prime Collaboration Provisioning\r\nCisco Prime IP Express\r\nCisco Prime Infrastructure\r\nCisco Prime License Manager\r\nCisco Prime Network Registrar\r\nCisco Prime Network\r\nCisco Prime Optical for Service Providers\r\nCisco Prime Performance Manager\r\nCisco Prime Provisioning\r\nCisco Process Orchestrator\r\nCisco Smart Software Manager On-Prem\r\nCisco Telemetry Broker\r\n\r\nRouting and Switching - Enterprise and Service Provider\r\n\r\nCisco ACI Virtual Edge\r\nCisco ASR 5000 Series Routers\r\nCisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM)\r\nCisco Enterprise NFV Infrastructure Software (NFVIS)\r\nCisco GGSN Gateway GPRS Support Node\r\nCisco IOS XR Software\r\nCisco IOS and IOS XE Software\r\nCisco IP Services Gateway (IPSG)\r\nCisco MDS 9000 Series Multilayer Switches\r\nCisco MME Mobility Management Entity\r\nCisco Mobility Unified Reporting and Analytics System\r\nCisco Network Convergence System 2000 Series\r\nCisco Nexus 3000 Series Switches\r\nCisco Nexus 5500 Platform Switches\r\nCisco Nexus 5600 Platform Switches\r\nCisco Nexus 6000 Series Switches\r\nCisco Nexus 7000 Series Switches\r\nCisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode\r\nCisco Nexus 9000 Series Switches in standalone NX-OS mode\r\nCisco ONS 15454 Series Multiservice Provisioning Platforms\r\nCisco PDSN/HA Packet Data Serving Node and Home Agent\r\nCisco PGW Packet Data Network Gateway\r\nCisco SD-WAN vBond Controller Software\r\nCisco SD-WAN vEdge 100 Series Routers\r\nCisco SD-WAN vEdge 1000 Series Routers\r\nCisco SD-WAN vEdge 2000 Series Routers\r\nCisco SD-WAN vEdge 5000 Series Routers\r\nCisco SD-WAN vEdge Cloud Router Platform\r\nCisco SD-WAN vSmart Controller Software\r\nCisco System Architecture Evolution Gateway (SAEGW)\r\nCisco Ultra Cloud Core - Access and Mobility Management Function\r\nCisco Ultra Cloud Core - Policy Control Function\r\nCisco Ultra Cloud Core - Redundancy Configuration Manager\r\nCisco Ultra Cloud Core - Session Management Function\r\nCisco Ultra Cloud Core - Subscriber Microservices Infrastructure\r\nCisco Ultra Packet Core\r\nCisco Ultra Services Platform\r\n\r\nRouting and Switching - Small Business\r\n\r\nCisco 220 Series Smart Plus Switches\r\nCisco 250 Series Smart Switches\r\nCisco 350 Series Managed Switches\r\nCisco 550 Series Stackable Managed Switches\r\nCisco Business 220 Series Smart Switches\r\nCisco Business 250 Series Smart Switches\r\nCisco Business 350 Series Managed Switches\r\nCisco Business Dashboard\r\nCisco RV110W Wireless-N VPN Firewall\r\nCisco RV130 VPN Router\r\nCisco RV130W Wireless-N Multifunction VPN Router\r\nCisco RV132W ADSL2+ Wireless-N VPN Router\r\nCisco RV134W VDSL2 Wireless-AC VPN Router\r\nCisco RV160 VPN Router\r\nCisco RV160W Wireless-AC VPN Router\r\nCisco RV215W Wireless-N VPN Router\r\nCisco RV260 VPN Routers\r\nCisco RV260P VPN Router with PoE\r\nCisco RV260W Wireless-AC VPN Router\r\nCisco RV320 Dual Gigabit WAN VPN Router\r\nCisco RV325 Dual Gigabit WAN VPN Router\r\nCisco RV340 Dual WAN Gigabit VPN Router\r\nCisco RV340W Dual WAN Gigabit Wireless-AC VPN Router\r\nCisco RV345 Dual WAN Gigabit VPN Router\r\nCisco RV345P Dual WAN Gigabit POE VPN Router\r\nCisco Small Business 200 Series Smart Switches\r\nCisco Small Business 300 Series Managed Switches\r\nCisco Small Business 500 Series Stackable Managed Switches\r\nCisco WAP125 Wireless-AC Dual Band Desktop Access Point with PoE\r\nCisco WAP150 Wireless-AC/N Dual Radio Access Point with PoE\r\nCisco WAP361 Wireless-AC/N Dual Radio Wall Plate Access Point with PoE\r\nCisco WAP371 Wireless-AC/N Radio Access Point with Single Point Setup\r\nCisco WAP571 Wireless-AC/N Premium Dual Radio Access Point with PoE\r\nCisco WAP571E Wireless-AC/N Premium Dual Radio Outdoor Access Point\r\nCisco WAP581 Wireless-AC Dual Radio Wave 2 Access Point with 2.5GbE LAN\r\n\r\nUnified Computing\r\n\r\nCisco 5000 Series Enterprise Network Compute System (ENCS)\r\nCisco HyperFlex System\r\nCisco Hyperflex Storage Replication Adapter\r\nCisco UCS C-Series Rack Servers and S-Series Storage Servers - Integrated Management Controller (CIMC)\r\nCisco UCS E-Series Servers\r\nCisco UCS Manager\r\n\r\nVoice and Unified Communications Devices\r\n\r\nCisco Headset 500 and 700 Series\r\nCisco Hosted Collaboration Mediation Fulfillment\r\nCisco IP Phones with Multiplatform Firmware\r\nCisco IP Phones\r\nCisco TelePresence Endpoints\r\nCisco Unified Attendant Console Advanced\r\nCisco Unified Attendant Console Business Edition\r\nCisco Unified Attendant Console Department Edition\r\nCisco Unified Attendant Console Enterprise Edition\r\nCisco Unified Attendant Console Premium Edition\r\nCisco Unified Communications Domain Manager\r\nCisco Unity Express\r\nCisco Webex Devices\r\nCisco Webex Hybrid Data Security Node\r\nCisco Webex Video Mesh\r\n\r\nVideo, Streaming, TelePresence, and Transcoding Devices\r\n\r\nCisco Expressway Series\r\nCisco Meeting Management (CMM)\r\nCisco Meeting Server\r\nCisco TelePresence Management Suite\r\nCisco TelePresence Video Communication Server (VCS)\r\nCisco Video Surveillance Media Server\r\n\r\nWireless\r\n\r\nCisco AireOS Wireless LAN Controllers\r\nCisco Aironet Access Points\r\nCisco Business 100 and 200 Series Access Points\r\nCisco Business Wireless\r\nCisco Catalyst 9100 Series Access Points\r\nCisco Catalyst 9800 Series Wireless Controllers\r\nCisco IOS Access Points\r\nCisco Mobility Services Engine\r\nCisco Ultra-Reliable Wireless Backhaul\r\n Cisco Cloud Offerings\r\nCisco investigated its cloud offerings to determine which products may be affected by these vulnerabilities. The following table lists Cisco cloud offerings that were part of this investigation.\r\n\r\n Product CVE-2021-44228 CVE-2021-45046 AppDynamics Remediated - service-specific details [\"https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+Apache+Log4j+Vulnerability\"] Remediated - service-specific details [\"https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+Apache+Log4j+Vulnerability\"] AppDynamics with Cisco Secure Application Remediated - service-specific details [\"https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+Apache+Log4j+Vulnerability\"] Remediated - service-specific details [\"https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+Apache+Log4j+Vulnerability\"] Cisco Cloud Email Security Not vulnerable Not vulnerable Cisco Cloudlock Remediated Remediated Cisco Cloudlock for Government Remediated Remediated Cisco Cognitive Intelligence Not vulnerable Not vulnerable Cisco Collaboration Experience Service (CES) Not vulnerable Not vulnerable Cisco Collaboration Experience Service Management (CESM) Not vulnerable Not vulnerable Cisco Crosswork Cloud Not vulnerable Not vulnerable Cisco CX Cloud Remediated Remediated Cisco Defense Orchestrator Not vulnerable Not vulnerable Cisco DNA Spaces Remediated Remediated Cisco Intersight Remediated Remediated Cisco IoT Control Center Remediated Remediated Cisco IoT Operations Dashboard Remediated Remediated Cisco Kinetic for Cities Remediated Remediated Cisco Kinetic Gateway Management Module Remediated Remediated Cisco Managed Services Accelerator (MSX) Remediated Remediated Cisco Placetel Not vulnerable Not vulnerable Cisco PX Cloud Remediated Remediated Cisco SD-WAN Cloud Remediated Remediated Cisco SD-WAN vAnalytics Not vulnerable Not vulnerable Cisco Secure Application (integrated with AppDynamics) Not vulnerable [\"https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+Apache+Log4j+Vulnerability\"] Not vulnerable [\"https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+Apache+Log4j+Vulnerability\"] Cisco Secure Cloud Analytics, formerly Cisco Stealthwatch Cloud Not vulnerable Not vulnerable Cisco Secure Cloud Insights Not vulnerable Not vulnerable Cisco Secure Email Cloud Mailbox, formerly Cisco Cloud Mailbox Defense Not vulnerable Not vulnerable Cisco Secure Email Encryption Service, formerly Cisco Registered Envelope Service Not vulnerable Not vulnerable Cisco Secure Endpoint, formerly Cisco Advanced Malware Protection for Endpoints Not vulnerable Not vulnerable Cisco Secure Malware Analytics, formerly Cisco Threat Grid Not vulnerable Not vulnerable Cisco SecureX Not vulnerable Not vulnerable Cisco ServiceGrid Not vulnerable Not vulnerable Cisco Smart Net Total Care Remediated Remediated Cisco Umbrella DNS Remediated Remediated Cisco Umbrella SIG Remediated Remediated Cisco Unified Communications Management Cloud - UC Management Remediated Remediated Cisco Unified Communications Manager Cloud Commercial Remediated Remediated Cisco Unified Communications Manager Cloud for Government Remediated Remediated Cisco Webex Calling Remediated Remediated Cisco Webex Calling Carrier Remediated Remediated Cisco Webex Cloud Registered Endpoints Not vulnerable Not vulnerable Cisco Webex Cloud-Connected UC Remediated Remediated Cisco Webex Contact Center Remediated Remediated Cisco Webex Contact Center Enterprise Remediated Remediated Cisco Webex Control Hub Remediated Remediated Cisco Webex Experience Management Not vulnerable Not vulnerable Cisco Webex FedRAMP Remediated Remediated Cisco Webex for Government FedRAMP Remediated Remediated Cisco Webex Meetings Remediated Remediated Cisco Webex Meetings Slow Channel Remediated Remediated Cisco Webex Messaging Remediated Remediated Cisco Webex Site Admin webpage Remediated Remediated Duo Security Remediated Remediated Duo Security for Government Remediated Remediated eSIM Flex Remediated Remediated IMIassist Not vulnerable Not vulnerable IMIcampaign Not vulnerable Not vulnerable IMIconnect Remediated Remediated IMIengage Not vulnerable Not vulnerable IMImessenger/TextLocal Messenger Not vulnerable Not vulnerable IMImobile - Webex Contact Center Integration Remediated Remediated IMInotify Not vulnerable Not vulnerable IMIsocial Not vulnerable Not vulnerable Kenna.AppSec Remediated Remediated Kenna.VI/VI+ Remediated Remediated Kenna.VM Remediated Remediated Meraki Not vulnerable Not vulnerable Partner Supporting Service(PSS) Remediated Remediated Slido Not vulnerable Not vulnerable Smart Call Home(SCH) Remediated Remediated Socio Not vulnerable Not vulnerable ThousandEyes Remediated Remediated UC-One - UMS Not vulnerable Not vulnerable", "title": "Products Confirmed Not Vulnerable" }, { "category": "general", "text": "Any workarounds are documented in the product-specific Cisco bugs, which are identified in the Vulnerable Products [\"#vp\"] section of this advisory.", "title": "Workarounds" }, { "category": "general", "text": "For information about fixed software releases, consult the Cisco bugs identified in the Vulnerable Products [\"#vp\"] section of this advisory.\r\n\r\nWhen considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page, to determine exposure and a complete upgrade solution.\r\n\r\nIn all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.", "title": "Fixed Software" }, { "category": "general", "text": "To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html\"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.", "title": "Vulnerability Policy" }, { "category": "general", "text": "The Cisco Product Security Incident Response Team (PSIRT) is aware that proof-of-concept exploit code is available for the vulnerabilities described in this advisory.", "title": "Exploitation and Public Announcements" }, { "category": "general", "text": "These vulnerabilities were disclosed by the Apache Software Foundation.", "title": "Source" }, { "category": "legal_disclaimer", "text": "THIS DOCUMENT IS PROVIDED ON AN \"AS IS\" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.\r\n\r\nA standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.", "title": "Legal Disclaimer" } ], "publisher": { "category": "vendor", "contact_details": "Emergency Support:\r\n+1 877 228 7302 (toll-free within North America)\r\n+1 408 525 6532 (International direct-dial)\r\nNon-emergency Support:\r\nEmail: psirt@cisco.com\r\nSupport requests that are received via e-mail are typically acknowledged within 48 hours.", "issuing_authority": "Cisco product security incident response is the responsibility of the Cisco Product Security Incident Response Team (PSIRT). The Cisco PSIRT is a dedicated, global team that manages the receipt, investigation, and public reporting of security vulnerability information that is related to Cisco products and networks. The on-call Cisco PSIRT works 24x7 with Cisco customers, independent security researchers, consultants, industry organizations, and other vendors to identify possible security issues with Cisco products and networks.\r\nMore information can be found in Cisco Security Vulnerability Policy available at https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html", "name": "Cisco", "namespace": "https://wwww.cisco.com" }, "references": [ { "category": "self", "summary": "Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd" }, { "category": "external", "summary": "Cisco Security Vulnerability Policy", "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html" }, { "category": "external", "summary": "Apache Log4j Security Vulnerabilities", "url": "https://logging.apache.org/log4j/2.x/security.html" }, { "category": "external", "summary": "Talos Rules 2021-12-21", "url": "https://www.snort.org/advisories/talos-rules-2021-12-21" }, { "category": "external", "summary": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd" }, { "category": "external", "summary": "Fixed Release Availability", "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes" }, { "category": "external", "summary": "CSCwa47283", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47283" }, { "category": "external", "summary": "CSCwa47272", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47272" }, { "category": "external", "summary": "CSCwa54008", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa54008" }, { "category": "external", "summary": "CSCwa47284", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47284" }, { "category": "external", "summary": "CSCwa46963", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa46963" }, { "category": "external", "summary": "CSCwa47133", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47133" }, { "category": "external", "summary": "CSCwa47295", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47295" }, { "category": "external", "summary": "CSCwa48806", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa48806" }, { "category": "external", "summary": "CSCwa47269", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47269" }, { "category": "external", "summary": "CSCwa48074", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa48074" }, { "category": "external", "summary": "CSCwa47349", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47349" }, { "category": "external", "summary": "CSCwa47350", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47350" }, { "category": "external", "summary": "CSCwa48832", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa48832" }, { "category": "external", "summary": "CSCwa47271", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47271" }, { "category": "external", "summary": "CSCwa47257", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47257" }, { "category": "external", "summary": "CSCwa49936", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa49936" }, { "category": "external", "summary": "CSCwa49939", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa49939" }, { "category": "external", "summary": "CSCwa47367", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47367" }, { "category": "external", "summary": "CSCwa51878", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa51878" }, { "category": "external", "summary": "CSCwa47259", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47259" }, { "category": "external", "summary": "CSCwa49482", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa49482" }, { "category": "external", "summary": "CSCwa47320", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47320" }, { "category": "external", "summary": "CSCwa47291", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47291" }, { "category": "external", "summary": "CSCwa47310", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47310" }, { "category": "external", "summary": "CSCwa47304", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47304" }, { "category": "external", "summary": "CSCwa47342", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47342" }, { "category": "external", "summary": "CSCwa47299", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47299" }, { "category": "external", "summary": "CSCwa47347", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47347" }, { "category": "external", "summary": "CSCwa52921", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa52921" }, { "category": "external", "summary": "CSCwa50021", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa50021" }, { "category": "external", "summary": "CSCwa47334", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47334" }, { "category": "external", "summary": "CSCwa49924", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa49924" }, { "category": "external", "summary": "CSCwa47369", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47369" }, { "category": "external", "summary": "CSCwa47322", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47322" }, { "category": "external", "summary": "CSCwa47370", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47370" }, { "category": "external", "summary": "CSCwa47285", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47285" }, { "category": "external", "summary": "CSCwa52235", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa52235" }, { "category": "external", "summary": "CSCwa48793", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa48793" }, { "category": "external", "summary": "CSCwa47745", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47745" }, { "category": "external", "summary": "CSCwa47307", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47307" }, { "category": "external", "summary": "CSCwa47303", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47303" }, { "category": "external", "summary": "CSCwa47288", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47288" }, { "category": "external", "summary": "CSCwa50220", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa50220" }, { "category": "external", "summary": "CSCwa47315", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47315" }, { "category": "external", "summary": "CSCwa51545", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa51545" }, { "category": "external", "summary": "CSCwa47383", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47383" }, { "category": "external", "summary": "CSCwa47383", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47383" }, { "category": "external", "summary": "CSCwa47391", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47391" }, { "category": "external", "summary": "CSCwa47392", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47392" }, { "category": "external", "summary": "CSCwa46459", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa46459" }, { "category": "external", "summary": "CSCwa47274", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47274" }, { "category": "external", "summary": "CSCwa47395", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47395" }, { "category": "external", "summary": "CSCwa47249", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47249" }, { "category": "external", "summary": "CSCwa47393", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47393" }, { "category": "external", "summary": "CSCwa46810", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa46810" }, { "category": "external", "summary": "CSCwa47273", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47273" }, { "category": "external", "summary": "CSCwa47388", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47388" }, { "category": "external", "summary": "CSCwa47275", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47275" }, { "category": "external", "summary": "CSCwa46525", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa46525" }, { "category": "external", "summary": "CSCwa47265", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47265" }, { "category": "external", "summary": "CSCwa47387", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47387" }, { "category": "external", "summary": "CSCwa47397", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47397" }, { "category": "external", "summary": "CSCwa51476", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa51476" }, { "category": "external", "summary": "CSCwa47360", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47360" }, { "category": "external", "summary": "CSCwa47351", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47351" }, { "category": "external", "summary": "CSCwa47312", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47312" }, { "category": "external", "summary": "Remediated - service-specific details", "url": "https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+Apache+Log4j+Vulnerability" }, { "category": "external", "summary": "Remediated - service-specific details", "url": "https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+Apache+Log4j+Vulnerability" }, { "category": "external", "summary": "Remediated - service-specific details", "url": "https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+Apache+Log4j+Vulnerability" }, { "category": "external", "summary": "Remediated - service-specific details", "url": "https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+Apache+Log4j+Vulnerability" }, { "category": "external", "summary": "Not vulnerable", "url": "https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+Apache+Log4j+Vulnerability" }, { "category": "external", "summary": "Not vulnerable", "url": "https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+Apache+Log4j+Vulnerability" }, { "category": "external", "summary": "Security Vulnerability Policy", "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html" } ], "title": "Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021", "tracking": { "current_release_date": "2022-01-31T21:16:10+00:00", "generator": { "date": "2022-10-22T03:14:00+00:00", "engine": { "name": "TVCE" } }, "id": "cisco-sa-apache-log4j-qRuKNEbd", "initial_release_date": "2021-12-10T18:45:00+00:00", "revision_history": [ { "date": "2021-12-10T18:49:19+00:00", "number": "1.0.0", "summary": "Initial public release." }, { "date": "2021-12-10T20:58:15+00:00", "number": "1.1.0", "summary": "Added Snort rule link." }, { "date": "2021-12-11T00:58:43+00:00", "number": "1.2.0", "summary": "Added Products Under Investigation." }, { "date": "2021-12-11T19:15:38+00:00", "number": "1.3.0", "summary": "Indicated advisory update schedule. Updated the vulnerable products and products confirmed not vulnerable." }, { "date": "2021-12-11T23:12:24+00:00", "number": "1.4.0", "summary": "Updated the products under investigation, vulnerable products, and products confirmed not vulnerable." }, { "date": "2021-12-12T15:01:39+00:00", "number": "1.5.0", "summary": "Updated the products under investigation, vulnerable products, and products confirmed not vulnerable." }, { "date": "2021-12-12T18:11:59+00:00", "number": "1.6.0", "summary": "Updated the products under investigation, vulnerable products, and products confirmed not vulnerable." }, { "date": "2021-12-12T19:02:40+00:00", "number": "1.7.0", "summary": "Updated the products under investigation, vulnerable products, and products confirmed not vulnerable." }, { "date": "2021-12-12T23:05:52+00:00", "number": "1.8.0", "summary": "Updated the products under investigation, vulnerable products, and products confirmed not vulnerable." }, { "date": "2021-12-13T15:31:38+00:00", "number": "1.9.0", "summary": "Updated the products under investigation, vulnerable products, and products confirmed not vulnerable." }, { "date": "2021-12-13T20:34:26+00:00", "number": "1.10.0", "summary": "Updated the products under investigation, vulnerable products, and products confirmed not vulnerable." }, { "date": "2021-12-13T23:43:56+00:00", "number": "1.11.0", "summary": "Updated the products under investigation, vulnerable products, and products confirmed not vulnerable." }, { "date": "2021-12-14T15:42:33+00:00", "number": "1.12.0", "summary": "Updated the products under investigation, vulnerable products, and products confirmed not vulnerable." }, { "date": "2021-12-14T19:36:34+00:00", "number": "1.13.0", "summary": "Updated the products under investigation, vulnerable products, and products confirmed not vulnerable." }, { "date": "2021-12-14T23:57:07+00:00", "number": "1.14.0", "summary": "Updated the products under investigation, vulnerable products, and products confirmed not vulnerable." }, { "date": "2021-12-15T15:08:09+00:00", "number": "1.15.0", "summary": "Updated the products under investigation, vulnerable products, and products confirmed not vulnerable." }, { "date": "2021-12-15T19:27:33+00:00", "number": "1.16.0", "summary": "Updated the summary, products under investigation, vulnerable products, and products confirmed not vulnerable." }, { "date": "2021-12-15T23:51:35+00:00", "number": "1.17.0", "summary": "Updated the products under investigation, vulnerable products, and products confirmed not vulnerable." }, { "date": "2021-12-16T15:22:33+00:00", "number": "1.18.0", "summary": "Updated the products under investigation, vulnerable products, and products confirmed not vulnerable." }, { "date": "2021-12-16T19:07:05+00:00", "number": "1.19.0", "summary": "Updated the products under investigation, vulnerable products, and products confirmed not vulnerable." }, { "date": "2021-12-16T23:12:10+00:00", "number": "1.20.0", "summary": "Updated the products under investigation, vulnerable products, and products confirmed not vulnerable." }, { "date": "2021-12-17T19:02:40+00:00", "number": "1.21.0", "summary": "Updated the summary, products under investigation, vulnerable products, and products confirmed not vulnerable." }, { "date": "2021-12-18T00:07:30+00:00", "number": "1.22.0", "summary": "Updated the products under investigation, vulnerable products, and products confirmed not vulnerable." }, { "date": "2021-12-19T16:29:55+00:00", "number": "1.23.0", "summary": "Updated summary and products under investigation." }, { "date": "2021-12-20T20:29:03+00:00", "number": "1.24.0", "summary": "Updated vulnerable products and products confirmed not vulnerable." }, { "date": "2021-12-21T20:55:00+00:00", "number": "1.25.0", "summary": "Updated vulnerable products and products confirmed not vulnerable." }, { "date": "2021-12-22T20:47:44+00:00", "number": "1.26.0", "summary": "Updated vulnerable products and products confirmed not vulnerable. Updated the summary to indicate that no Cisco products are affected by CVE-2021-45105." }, { "date": "2021-12-22T22:58:15+00:00", "number": "1.27.0", "summary": "Updated vulnerable products." }, { "date": "2022-01-06T23:16:04+00:00", "number": "1.28.0", "summary": "Updated summary and vulnerable products." }, { "date": "2022-01-07T18:00:53+00:00", "number": "1.29.0", "summary": "Updated vulnerable products." }, { "date": "2022-01-10T18:01:02+00:00", "number": "1.30.0", "summary": "Updated vulnerable products." }, { "date": "2022-01-11T20:28:32+00:00", "number": "1.31.0", "summary": "Updated products confirmed not vulnerable." }, { "date": "2022-01-31T21:16:10+00:00", "number": "1.32.0", "summary": "Updated vulnerable products." } ], "status": "final", "version": "1.32.0" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_family", "name": "Cisco Unified Communications Manager IM and Presence Service", "product": { "name": "Cisco Unified Communications Manager IM and Presence Service ", "product_id": "CSAFPID-189784" } }, { "category": "product_family", "name": "Cisco Evolved Programmable Network Manager (EPNM)", "product": { "name": "Cisco Evolved Programmable Network Manager (EPNM) ", "product_id": "CSAFPID-213688" } }, { "category": "product_family", "name": "Cisco Network Services Orchestrator", "product": { "name": "Cisco Network Services Orchestrator ", "product_id": "CSAFPID-227765" } }, { "category": "product_family", "name": "Cisco Unified Communications Manager / Cisco Unity Connection", "product": { "name": "Cisco Unified Communications Manager / Cisco Unity Connection ", "product_id": "CSAFPID-277610" } } ], "category": "vendor", "name": "Cisco" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-44832", "notes": [ { "category": "other", "text": "Complete.", "title": "Affected Product Comprehensiveness" } ], "product_status": { "known_affected": [ "CSAFPID-213688", "CSAFPID-227765", "CSAFPID-277610", "CSAFPID-189784" ] }, "remediations": [ { "category": "vendor_fix", "details": "Cisco has released software updates that address this vulnerability.", "product_ids": [ "CSAFPID-277610", "CSAFPID-213688", "CSAFPID-227765", "CSAFPID-189784" ], "url": "https://software.cisco.com" } ], "scores": [ { "cvss_v3": { "baseScore": 6.6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-213688", "CSAFPID-227765", "CSAFPID-277610", "CSAFPID-189784" ] } ], "title": "vuln-CVE-2021-44832" }, { "cve": "CVE-2021-45046", "ids": [ { "system_name": "Cisco Bug ID", "text": "CSCwa47310" }, { "system_name": "Cisco Bug ID", "text": "CSCwa56230" } ], "notes": [ { "category": "other", "text": "Complete.", "title": "Affected Product Comprehensiveness" } ], "product_status": { "known_affected": [ "CSAFPID-227765", "CSAFPID-277610", "CSAFPID-213688", "CSAFPID-189784" ] }, "remediations": [ { "category": "vendor_fix", "details": "Cisco has released software updates that address this vulnerability.", "product_ids": [ "CSAFPID-277610", "CSAFPID-213688", "CSAFPID-227765", "CSAFPID-189784" ], "url": "https://software.cisco.com" } ], "scores": [ { "cvss_v3": { "baseScore": 9.0, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-227765", "CSAFPID-277610", "CSAFPID-213688", "CSAFPID-189784" ] } ], "title": "vuln-CVE-2021-45046" }, { "cve": "CVE-2021-44228", "ids": [ { "system_name": "Cisco Bug ID", "text": "CSCwa56230" } ], "notes": [ { "category": "other", "text": "Complete.", "title": "Affected Product Comprehensiveness" } ], "product_status": { "known_affected": [ "CSAFPID-277610", "CSAFPID-189784" ] }, "remediations": [ { "category": "vendor_fix", "details": "Cisco has released software updates that address this vulnerability.", "product_ids": [ "CSAFPID-277610", "CSAFPID-189784" ], "url": "https://software.cisco.com" } ], "scores": [ { "cvss_v3": { "baseScore": 10.0, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-277610", "CSAFPID-189784" ] } ], "title": "Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021" }, { "cve": "CVE-2021-45105", "ids": [ { "system_name": "Cisco Bug ID", "text": "CSCwa56230" }, { "system_name": "Cisco Bug ID", "text": "CSCwa54650" }, { "system_name": "Cisco Bug ID", "text": "CSCwa47310" } ], "notes": [ { "category": "other", "text": "Complete.", "title": "Affected Product Comprehensiveness" } ], "product_status": { "known_affected": [ "CSAFPID-189784", "CSAFPID-213688" ] }, "remediations": [ { "category": "vendor_fix", "details": "Cisco has released software updates that address this vulnerability.", "product_ids": [ "CSAFPID-213688", "CSAFPID-189784" ], "url": "https://software.cisco.com" } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "CSAFPID-189784", "CSAFPID-213688" ] } ], "title": "Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 (CVE-2021-45105)" } ] }
gsd-2021-44832
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2021-44832", "description": "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.", "id": "GSD-2021-44832", "references": [ "https://www.suse.com/security/cve/CVE-2021-44832.html", "https://access.redhat.com/errata/RHSA-2022:0493", "https://access.redhat.com/errata/RHSA-2022:0485", "https://access.redhat.com/errata/RHSA-2022:0467", "https://access.redhat.com/errata/RHSA-2022:0236", "https://access.redhat.com/errata/RHSA-2022:0230", "https://access.redhat.com/errata/RHSA-2022:0227", "https://access.redhat.com/errata/RHSA-2022:0226", "https://access.redhat.com/errata/RHSA-2022:0225", "https://access.redhat.com/errata/RHSA-2022:0223", "https://access.redhat.com/errata/RHSA-2022:0222", "https://access.redhat.com/errata/RHSA-2022:0216", "https://access.redhat.com/errata/RHSA-2022:0205", "https://access.redhat.com/errata/RHSA-2022:0203", "https://access.redhat.com/errata/RHSA-2022:0181", "https://access.redhat.com/errata/RHSA-2022:0138", "https://access.redhat.com/errata/RHSA-2022:0083", "https://ubuntu.com/security/CVE-2021-44832", "https://advisories.mageia.org/CVE-2021-44832.html", "https://access.redhat.com/errata/RHSA-2022:1296", "https://access.redhat.com/errata/RHSA-2022:1297", "https://access.redhat.com/errata/RHSA-2022:1299" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2021-44832" ], "details": "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.", "id": "GSD-2021-44832", "modified": "2023-12-13T01:23:20.780934Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "ID": "CVE-2021-44832", "STATE": "PUBLIC", "TITLE": "Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache Log4j2", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "log4j-core", "version_value": "2.17.1" }, { "version_affected": "\u003e=", "version_name": "log4j-core", "version_value": "2.13.0" }, { "version_affected": "\u003c", "version_name": "log4j-core", "version_value": "2.12.4" }, { "version_affected": "\u003e=", "version_name": "log4j-core", "version_value": "2.4" }, { "version_affected": "\u003c", "version_name": "log4j-core", "version_value": "2.3.2" }, { "version_affected": "\u003e=", "version_name": "log4j-core", "version_value": "2.0-beta7" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": [ { "other": "moderate" } ], "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-20 Improper Input Validation" } ] }, { "description": [ { "lang": "eng", "value": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd" }, { "name": "https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143", "refsource": "MISC", "url": "https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143" }, { "name": "https://issues.apache.org/jira/browse/LOG4J2-3293", "refsource": "MISC", "url": "https://issues.apache.org/jira/browse/LOG4J2-3293" }, { "name": "[oss-security] 20211228 CVE-2021-44832: Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/12/28/1" }, { "name": "[debian-lts-announce] 20211229 [SECURITY] [DLA 2870-1] apache-log4j2 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00036.html" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf" }, { "name": "FEDORA-2021-c6f471ce0f", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVV25FXL4FU5X6X5BSL7RLQ7T6F65MRA/" }, { "name": "FEDORA-2021-1bd9151bab", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T57MPJUW3MA6QGWZRTMCHHMMPQNVKGFC/" }, { "name": "https://www.oracle.com/security-alerts/cpujan2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "name": "https://security.netapp.com/advisory/ntap-20220104-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220104-0001/" }, { "name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "name": "https://www.oracle.com/security-alerts/cpujul2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] }, "source": { "defect": [ "LOG4J2-3293", "" ], "discovery": "UNKNOWN" }, "timeline": [ { "lang": "eng", "time": "2021-12-27", "value": "reported" }, { "lang": "eng", "time": "2021-12-27", "value": "patch proposed, 2.17.1-rc1" }, { "lang": "eng", "time": "2021-12-28", "value": "fixed" }, { "lang": "eng", "time": "2021-12-28", "value": "public" } ] }, "gitlab.com": { "advisories": [ { "affected_range": "(,0)", "affected_versions": "All versions starting from 2.0 before before 2.17.1", "cvss_v2": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "cwe_ids": [ "CWE-1035", "CWE-20", "CWE-74", "CWE-78", "CWE-937" ], "date": "2022-02-08", "description": "This advisory has been marked as a false positive.", "fixed_versions": [], "identifier": "CVE-2021-44832", "identifiers": [ "GHSA-8489-44mv-ggj8", "CVE-2021-44832" ], "not_impacted": "All versions before 2.0, all versions starting from 2.17.1", "package_slug": "maven/org.apache.logging.log4j/log4j-api", "pubdate": "2022-01-04", "solution": "Upgrade to versions 2.3.2, 2.12.4, 2.17.1 or above.", "title": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-44832", "https://issues.apache.org/jira/browse/LOG4J2-3293", "https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143", "https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf", "https://lists.debian.org/debian-lts-announce/2021/12/msg00036.html", "http://www.openwall.com/lists/oss-security/2021/12/28/1", "https://www.oracle.com/security-alerts/cpujan2022.html", "https://github.com/advisories/GHSA-8489-44mv-ggj8" ], "uuid": "aac29170-dbdc-489f-925a-5bfc54bb0191" }, { "affected_range": "[2.0,2.3.2],[2.4,2.12.4),[2.13.0,2.17.1)", "affected_versions": "All versions starting from 2.0 up to 2.3.2, all versions starting from 2.4 before 2.12.4, all versions starting from 2.13.0 before 2.17.1", "cvss_v2": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "cvss_v3": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "cwe_ids": [ "CWE-1035", "CWE-20", "CWE-937" ], "date": "2022-08-09", "description": "Apache Log4j2 ", "fixed_versions": [ "2.12.4", "2.17.1" ], "identifier": "CVE-2021-44832", "identifiers": [ "CVE-2021-44832" ], "not_impacted": "All versions before 2.0, all versions after 2.3.2 before 2.4, all versions starting from 2.12.4 before 2.13.0, all versions starting from 2.17.1", "package_slug": "maven/org.apache.logging.log4j/log4j-core", "pubdate": "2021-12-28", "solution": "Upgrade to versions 2.12.4, 2.17.1 or above.", "title": "Improper Input Validation", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-44832", "https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143", "https://issues.apache.org/jira/browse/LOG4J2-3293", "http://www.openwall.com/lists/oss-security/2021/12/28/1", "https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf", "https://lists.debian.org/debian-lts-announce/2021/12/msg00036.html" ], "uuid": "be579f59-acaa-442b-ad7b-cf1ddea99b15" } ] }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:log4j:2.0:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:log4j:2.0:beta9:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:log4j:2.0:rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:log4j:2.0:beta8:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:log4j:2.0:beta7:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:log4j:2.0:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.17.1", "versionStartIncluding": "2.13.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.12.4", "versionStartIncluding": "2.4", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.3.2", "versionStartIncluding": "2.0.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12.11", "versionStartIncluding": "17.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "20.12.7", "versionStartIncluding": "20.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_assortment_planning:16.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:21.12.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "20.12.12.0", "versionStartIncluding": "20.12.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:21.12.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.12.12", "versionStartIncluding": "19.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "18.8.13", "versionStartIncluding": "18.8.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_fiscal_management:14.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.12.18.0", "versionStartIncluding": "19.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:siebel_ui_framework:21.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.5.1.0", "versionStartIncluding": "8.0.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:cisco:cloudcenter:4.10.0.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12.11", "versionStartIncluding": "17.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "20.12.7", "versionStartIncluding": "20.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "21.12", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:21.12.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "20.12.12.0", "versionStartIncluding": "20.12.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.12.18.0", "versionStartIncluding": "19.12.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:21.12.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.12.12", "versionStartIncluding": "19.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "18.8.13", "versionStartIncluding": "18.8.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.5.1.0", "versionStartIncluding": "8.3.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:19.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "12.2.24", "versionStartIncluding": "12.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:product_lifecycle_analytics:3.6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:21.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "12.2.24", "versionStartIncluding": "12.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:health_sciences_data_management_workbench:3.0.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:health_sciences_data_management_workbench:3.1.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:health_sciences_data_management_workbench:2.5.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_offline_mediation_controller:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "12.0.0.4.4", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "12.0.0.4.6", "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "ID": "CVE-2021-44832" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-20" } ] } ] }, "references": { "reference_data": [ { "name": "https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143", "refsource": "MISC", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143" }, { "name": "https://issues.apache.org/jira/browse/LOG4J2-3293", "refsource": "MISC", "tags": [ "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://issues.apache.org/jira/browse/LOG4J2-3293" }, { "name": "[oss-security] 20211228 CVE-2021-44832: Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2021/12/28/1" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf" }, { "name": "[debian-lts-announce] 20211229 [SECURITY] [DLA 2870-1] apache-log4j2 security update", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00036.html" }, { "name": "https://security.netapp.com/advisory/ntap-20220104-0001/", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220104-0001/" }, { "name": "FEDORA-2021-1bd9151bab", "refsource": "FEDORA", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T57MPJUW3MA6QGWZRTMCHHMMPQNVKGFC/" }, { "name": "FEDORA-2021-c6f471ce0f", "refsource": "FEDORA", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVV25FXL4FU5X6X5BSL7RLQ7T6F65MRA/" }, { "name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021", "refsource": "CISCO", "tags": [ "Third Party Advisory" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd" }, { "name": "https://www.oracle.com/security-alerts/cpujan2022.html", "refsource": "MISC", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "name": "N/A", "refsource": "N/A", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 0.7, "impactScore": 5.9 } }, "lastModifiedDate": "2022-08-09T01:24Z", "publishedDate": "2021-12-28T20:15Z" } } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.