csaf_redhat - rhsa-2022

rhsa-2022_0225

Vulnerability from csaf_redhat

Published

2022-01-20 21:09

Modified

2024-11-24 21:30

Summary

Red Hat Security Advisory: Red Hat OpenShift Enterprise Logging bug fix and security update (5.0.12)

Notes

Topic

An update is now available for OpenShift Logging (5.0.12) Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

Openshift Logging Bug Fix Release (5.0.12) Security Fix(es): * log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
   document: {
      aggregate_severity: {
         namespace: "https://access.redhat.com/security/updates/classification/",
         text: "Moderate",
      },
      category: "csaf_security_advisory",
      csaf_version: "2.0",
      distribution: {
         text: "Copyright © Red Hat, Inc. All rights reserved.",
         tlp: {
            label: "WHITE",
            url: "https://www.first.org/tlp/",
         },
      },
      lang: "en",
      notes: [
         {
            category: "summary",
            text: "An update is now available for OpenShift Logging (5.0.12)\n\nRed Hat Product Security has rated this update as having a security impact of\nModerate. A Common Vulnerability Scoring System (CVSS) base score, which gives\na detailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.",
            title: "Topic",
         },
         {
            category: "general",
            text: "Openshift Logging Bug Fix Release (5.0.12)\n\nSecurity Fix(es):\n\n* log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)",
            title: "Details",
         },
         {
            category: "legal_disclaimer",
            text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
            title: "Terms of Use",
         },
      ],
      publisher: {
         category: "vendor",
         contact_details: "https://access.redhat.com/security/team/contact/",
         issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
         name: "Red Hat Product Security",
         namespace: "https://www.redhat.com",
      },
      references: [
         {
            category: "self",
            summary: "https://access.redhat.com/errata/RHSA-2022:0225",
            url: "https://access.redhat.com/errata/RHSA-2022:0225",
         },
         {
            category: "external",
            summary: "https://access.redhat.com/security/updates/classification/#moderate",
            url: "https://access.redhat.com/security/updates/classification/#moderate",
         },
         {
            category: "external",
            summary: "2035951",
            url: "https://bugzilla.redhat.com/show_bug.cgi?id=2035951",
         },
         {
            category: "external",
            summary: "LOG-2089",
            url: "https://issues.redhat.com/browse/LOG-2089",
         },
         {
            category: "self",
            summary: "Canonical URL",
            url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0225.json",
         },
      ],
      title: "Red Hat Security Advisory: Red Hat OpenShift Enterprise Logging bug fix and security update (5.0.12)",
      tracking: {
         current_release_date: "2024-11-24T21:30:04+00:00",
         generator: {
            date: "2024-11-24T21:30:04+00:00",
            engine: {
               name: "Red Hat SDEngine",
               version: "4.2.1",
            },
         },
         id: "RHSA-2022:0225",
         initial_release_date: "2022-01-20T21:09:05+00:00",
         revision_history: [
            {
               date: "2022-01-20T21:09:05+00:00",
               number: "1",
               summary: "Initial version",
            },
            {
               date: "2022-01-20T21:09:06+00:00",
               number: "2",
               summary: "Last updated version",
            },
            {
               date: "2024-11-24T21:30:04+00:00",
               number: "3",
               summary: "Last generated version",
            },
         ],
         status: "final",
         version: "3",
      },
   },
   product_tree: {
      branches: [
         {
            branches: [
               {
                  branches: [
                     {
                        category: "product_name",
                        name: "OpenShift Logging 5.0",
                        product: {
                           name: "OpenShift Logging 5.0",
                           product_id: "8Base-OSE-LOGGING-5.0",
                           product_identification_helper: {
                              cpe: "cpe:/a:redhat:logging:5.0::el8",
                           },
                        },
                     },
                  ],
                  category: "product_family",
                  name: "Red Hat OpenShift Enterprise",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "openshift-logging/cluster-logging-rhel8-operator@sha256:989d85eee44074af63c6aea0f80a11c86338a32eed0db930feec87c7d08d5135_s390x",
                        product: {
                           name: "openshift-logging/cluster-logging-rhel8-operator@sha256:989d85eee44074af63c6aea0f80a11c86338a32eed0db930feec87c7d08d5135_s390x",
                           product_id: "openshift-logging/cluster-logging-rhel8-operator@sha256:989d85eee44074af63c6aea0f80a11c86338a32eed0db930feec87c7d08d5135_s390x",
                           product_identification_helper: {
                              purl: "pkg:oci/cluster-logging-rhel8-operator@sha256:989d85eee44074af63c6aea0f80a11c86338a32eed0db930feec87c7d08d5135?arch=s390x&repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator&tag=v5.0.12-1",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "openshift-logging/elasticsearch-rhel8-operator@sha256:d9b8605f7d19097c5f0a91d678cc2f102af892878871880023fc41721b276ef7_s390x",
                        product: {
                           name: "openshift-logging/elasticsearch-rhel8-operator@sha256:d9b8605f7d19097c5f0a91d678cc2f102af892878871880023fc41721b276ef7_s390x",
                           product_id: "openshift-logging/elasticsearch-rhel8-operator@sha256:d9b8605f7d19097c5f0a91d678cc2f102af892878871880023fc41721b276ef7_s390x",
                           product_identification_helper: {
                              purl: "pkg:oci/elasticsearch-rhel8-operator@sha256:d9b8605f7d19097c5f0a91d678cc2f102af892878871880023fc41721b276ef7?arch=s390x&repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator&tag=v5.0.12-1",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "openshift-logging/elasticsearch-proxy-rhel8@sha256:dba9c39a48e4f4a93db4daa1d596a08fc60c8c55c6b7889a7b69be241c7cd119_s390x",
                        product: {
                           name: "openshift-logging/elasticsearch-proxy-rhel8@sha256:dba9c39a48e4f4a93db4daa1d596a08fc60c8c55c6b7889a7b69be241c7cd119_s390x",
                           product_id: "openshift-logging/elasticsearch-proxy-rhel8@sha256:dba9c39a48e4f4a93db4daa1d596a08fc60c8c55c6b7889a7b69be241c7cd119_s390x",
                           product_identification_helper: {
                              purl: "pkg:oci/elasticsearch-proxy-rhel8@sha256:dba9c39a48e4f4a93db4daa1d596a08fc60c8c55c6b7889a7b69be241c7cd119?arch=s390x&repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8&tag=v5.0.12-1",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "openshift-logging/logging-curator5-rhel8@sha256:f561d39b3e7249000f22471454d04323d529217842e293d0bc10af30acaa7ad8_s390x",
                        product: {
                           name: "openshift-logging/logging-curator5-rhel8@sha256:f561d39b3e7249000f22471454d04323d529217842e293d0bc10af30acaa7ad8_s390x",
                           product_id: "openshift-logging/logging-curator5-rhel8@sha256:f561d39b3e7249000f22471454d04323d529217842e293d0bc10af30acaa7ad8_s390x",
                           product_identification_helper: {
                              purl: "pkg:oci/logging-curator5-rhel8@sha256:f561d39b3e7249000f22471454d04323d529217842e293d0bc10af30acaa7ad8?arch=s390x&repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8&tag=v5.0.12-1",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "openshift-logging/elasticsearch6-rhel8@sha256:5b6bd22611e78f26389183e0e3cc6f860eda122720909a3644f6edc7eae4e8da_s390x",
                        product: {
                           name: "openshift-logging/elasticsearch6-rhel8@sha256:5b6bd22611e78f26389183e0e3cc6f860eda122720909a3644f6edc7eae4e8da_s390x",
                           product_id: "openshift-logging/elasticsearch6-rhel8@sha256:5b6bd22611e78f26389183e0e3cc6f860eda122720909a3644f6edc7eae4e8da_s390x",
                           product_identification_helper: {
                              purl: "pkg:oci/elasticsearch6-rhel8@sha256:5b6bd22611e78f26389183e0e3cc6f860eda122720909a3644f6edc7eae4e8da?arch=s390x&repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8&tag=v5.0.12-1",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "openshift-logging/eventrouter-rhel8@sha256:b64462859b9229e261a14035b65ab702bd301fcba043254796c9bf28205e6d79_s390x",
                        product: {
                           name: "openshift-logging/eventrouter-rhel8@sha256:b64462859b9229e261a14035b65ab702bd301fcba043254796c9bf28205e6d79_s390x",
                           product_id: "openshift-logging/eventrouter-rhel8@sha256:b64462859b9229e261a14035b65ab702bd301fcba043254796c9bf28205e6d79_s390x",
                           product_identification_helper: {
                              purl: "pkg:oci/eventrouter-rhel8@sha256:b64462859b9229e261a14035b65ab702bd301fcba043254796c9bf28205e6d79?arch=s390x&repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8&tag=v5.0.12-1",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "openshift-logging/fluentd-rhel8@sha256:a1fce6215b404d0107dc435c7f3458d7c3acc4f927ad177af43b18c9cadc1bb1_s390x",
                        product: {
                           name: "openshift-logging/fluentd-rhel8@sha256:a1fce6215b404d0107dc435c7f3458d7c3acc4f927ad177af43b18c9cadc1bb1_s390x",
                           product_id: "openshift-logging/fluentd-rhel8@sha256:a1fce6215b404d0107dc435c7f3458d7c3acc4f927ad177af43b18c9cadc1bb1_s390x",
                           product_identification_helper: {
                              purl: "pkg:oci/fluentd-rhel8@sha256:a1fce6215b404d0107dc435c7f3458d7c3acc4f927ad177af43b18c9cadc1bb1?arch=s390x&repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8&tag=v5.0.12-1",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "openshift-logging/kibana6-rhel8@sha256:23a36e4ba3a8c26585c28a0fc1a947a2f35092fdc92631c9e242928556143374_s390x",
                        product: {
                           name: "openshift-logging/kibana6-rhel8@sha256:23a36e4ba3a8c26585c28a0fc1a947a2f35092fdc92631c9e242928556143374_s390x",
                           product_id: "openshift-logging/kibana6-rhel8@sha256:23a36e4ba3a8c26585c28a0fc1a947a2f35092fdc92631c9e242928556143374_s390x",
                           product_identification_helper: {
                              purl: "pkg:oci/kibana6-rhel8@sha256:23a36e4ba3a8c26585c28a0fc1a947a2f35092fdc92631c9e242928556143374?arch=s390x&repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8&tag=v5.0.12-1",
                           },
                        },
                     },
                  ],
                  category: "architecture",
                  name: "s390x",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "openshift-logging/cluster-logging-rhel8-operator@sha256:6444d97d9ed0d5e07c8df5a9ae55cb431250c5432cec6e90ecaae0fbe00be6d5_ppc64le",
                        product: {
                           name: "openshift-logging/cluster-logging-rhel8-operator@sha256:6444d97d9ed0d5e07c8df5a9ae55cb431250c5432cec6e90ecaae0fbe00be6d5_ppc64le",
                           product_id: "openshift-logging/cluster-logging-rhel8-operator@sha256:6444d97d9ed0d5e07c8df5a9ae55cb431250c5432cec6e90ecaae0fbe00be6d5_ppc64le",
                           product_identification_helper: {
                              purl: "pkg:oci/cluster-logging-rhel8-operator@sha256:6444d97d9ed0d5e07c8df5a9ae55cb431250c5432cec6e90ecaae0fbe00be6d5?arch=ppc64le&repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator&tag=v5.0.12-1",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "openshift-logging/elasticsearch-rhel8-operator@sha256:87a757926b3934d21632b830511ca077d9fdb12417fa8886fad85c10143a6842_ppc64le",
                        product: {
                           name: "openshift-logging/elasticsearch-rhel8-operator@sha256:87a757926b3934d21632b830511ca077d9fdb12417fa8886fad85c10143a6842_ppc64le",
                           product_id: "openshift-logging/elasticsearch-rhel8-operator@sha256:87a757926b3934d21632b830511ca077d9fdb12417fa8886fad85c10143a6842_ppc64le",
                           product_identification_helper: {
                              purl: "pkg:oci/elasticsearch-rhel8-operator@sha256:87a757926b3934d21632b830511ca077d9fdb12417fa8886fad85c10143a6842?arch=ppc64le&repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator&tag=v5.0.12-1",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "openshift-logging/elasticsearch-proxy-rhel8@sha256:411a7dc6932d910e53aeb09320d25325ff4228930ae198cfe67d21404fa0e3ed_ppc64le",
                        product: {
                           name: "openshift-logging/elasticsearch-proxy-rhel8@sha256:411a7dc6932d910e53aeb09320d25325ff4228930ae198cfe67d21404fa0e3ed_ppc64le",
                           product_id: "openshift-logging/elasticsearch-proxy-rhel8@sha256:411a7dc6932d910e53aeb09320d25325ff4228930ae198cfe67d21404fa0e3ed_ppc64le",
                           product_identification_helper: {
                              purl: "pkg:oci/elasticsearch-proxy-rhel8@sha256:411a7dc6932d910e53aeb09320d25325ff4228930ae198cfe67d21404fa0e3ed?arch=ppc64le&repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8&tag=v5.0.12-1",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "openshift-logging/logging-curator5-rhel8@sha256:76bb02283a7740fbc2f25fd95e0f0b30118a585296a62bcc745872ecdd93ba1e_ppc64le",
                        product: {
                           name: "openshift-logging/logging-curator5-rhel8@sha256:76bb02283a7740fbc2f25fd95e0f0b30118a585296a62bcc745872ecdd93ba1e_ppc64le",
                           product_id: "openshift-logging/logging-curator5-rhel8@sha256:76bb02283a7740fbc2f25fd95e0f0b30118a585296a62bcc745872ecdd93ba1e_ppc64le",
                           product_identification_helper: {
                              purl: "pkg:oci/logging-curator5-rhel8@sha256:76bb02283a7740fbc2f25fd95e0f0b30118a585296a62bcc745872ecdd93ba1e?arch=ppc64le&repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8&tag=v5.0.12-1",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "openshift-logging/elasticsearch6-rhel8@sha256:c014b38a59a73f425c8ebd764148bad4956f24eda4670c42fd67826546df01be_ppc64le",
                        product: {
                           name: "openshift-logging/elasticsearch6-rhel8@sha256:c014b38a59a73f425c8ebd764148bad4956f24eda4670c42fd67826546df01be_ppc64le",
                           product_id: "openshift-logging/elasticsearch6-rhel8@sha256:c014b38a59a73f425c8ebd764148bad4956f24eda4670c42fd67826546df01be_ppc64le",
                           product_identification_helper: {
                              purl: "pkg:oci/elasticsearch6-rhel8@sha256:c014b38a59a73f425c8ebd764148bad4956f24eda4670c42fd67826546df01be?arch=ppc64le&repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8&tag=v5.0.12-1",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "openshift-logging/eventrouter-rhel8@sha256:4afc627224c584844325fac536c2e8f0b510fa4ff84b9b05bdafe2d8505f4eac_ppc64le",
                        product: {
                           name: "openshift-logging/eventrouter-rhel8@sha256:4afc627224c584844325fac536c2e8f0b510fa4ff84b9b05bdafe2d8505f4eac_ppc64le",
                           product_id: "openshift-logging/eventrouter-rhel8@sha256:4afc627224c584844325fac536c2e8f0b510fa4ff84b9b05bdafe2d8505f4eac_ppc64le",
                           product_identification_helper: {
                              purl: "pkg:oci/eventrouter-rhel8@sha256:4afc627224c584844325fac536c2e8f0b510fa4ff84b9b05bdafe2d8505f4eac?arch=ppc64le&repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8&tag=v5.0.12-1",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "openshift-logging/fluentd-rhel8@sha256:70d1eeac2c53a0c77fdcf1ae305c12786227aa6e7f4f1f3ab4365a119111f1ea_ppc64le",
                        product: {
                           name: "openshift-logging/fluentd-rhel8@sha256:70d1eeac2c53a0c77fdcf1ae305c12786227aa6e7f4f1f3ab4365a119111f1ea_ppc64le",
                           product_id: "openshift-logging/fluentd-rhel8@sha256:70d1eeac2c53a0c77fdcf1ae305c12786227aa6e7f4f1f3ab4365a119111f1ea_ppc64le",
                           product_identification_helper: {
                              purl: "pkg:oci/fluentd-rhel8@sha256:70d1eeac2c53a0c77fdcf1ae305c12786227aa6e7f4f1f3ab4365a119111f1ea?arch=ppc64le&repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8&tag=v5.0.12-1",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "openshift-logging/kibana6-rhel8@sha256:7cc111b0928dd598abfe6f4db5c021e056e7fa1270a3953168924f5194f00db5_ppc64le",
                        product: {
                           name: "openshift-logging/kibana6-rhel8@sha256:7cc111b0928dd598abfe6f4db5c021e056e7fa1270a3953168924f5194f00db5_ppc64le",
                           product_id: "openshift-logging/kibana6-rhel8@sha256:7cc111b0928dd598abfe6f4db5c021e056e7fa1270a3953168924f5194f00db5_ppc64le",
                           product_identification_helper: {
                              purl: "pkg:oci/kibana6-rhel8@sha256:7cc111b0928dd598abfe6f4db5c021e056e7fa1270a3953168924f5194f00db5?arch=ppc64le&repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8&tag=v5.0.12-1",
                           },
                        },
                     },
                  ],
                  category: "architecture",
                  name: "ppc64le",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "openshift-logging/cluster-logging-rhel8-operator@sha256:e5f8312c65a081ae6433e9d8ed6e81682f5883781f4c757585559800b19fcb94_amd64",
                        product: {
                           name: "openshift-logging/cluster-logging-rhel8-operator@sha256:e5f8312c65a081ae6433e9d8ed6e81682f5883781f4c757585559800b19fcb94_amd64",
                           product_id: "openshift-logging/cluster-logging-rhel8-operator@sha256:e5f8312c65a081ae6433e9d8ed6e81682f5883781f4c757585559800b19fcb94_amd64",
                           product_identification_helper: {
                              purl: "pkg:oci/cluster-logging-rhel8-operator@sha256:e5f8312c65a081ae6433e9d8ed6e81682f5883781f4c757585559800b19fcb94?arch=amd64&repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator&tag=v5.0.12-1",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "openshift-logging/cluster-logging-operator-bundle@sha256:88c8992a0850de9983c13c3a8e5b5cb2ed1779e31e86c0c7195ab0d38fc2727d_amd64",
                        product: {
                           name: "openshift-logging/cluster-logging-operator-bundle@sha256:88c8992a0850de9983c13c3a8e5b5cb2ed1779e31e86c0c7195ab0d38fc2727d_amd64",
                           product_id: "openshift-logging/cluster-logging-operator-bundle@sha256:88c8992a0850de9983c13c3a8e5b5cb2ed1779e31e86c0c7195ab0d38fc2727d_amd64",
                           product_identification_helper: {
                              purl: "pkg:oci/cluster-logging-operator-bundle@sha256:88c8992a0850de9983c13c3a8e5b5cb2ed1779e31e86c0c7195ab0d38fc2727d?arch=amd64&repository_url=registry.redhat.io/openshift-logging/cluster-logging-operator-bundle&tag=v5.0.12-1",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "openshift-logging/elasticsearch-rhel8-operator@sha256:31ee1ebcb1276a491a5fee1b86aacbd1ebc0c07bdd4c9b536ce95c948995b6d0_amd64",
                        product: {
                           name: "openshift-logging/elasticsearch-rhel8-operator@sha256:31ee1ebcb1276a491a5fee1b86aacbd1ebc0c07bdd4c9b536ce95c948995b6d0_amd64",
                           product_id: "openshift-logging/elasticsearch-rhel8-operator@sha256:31ee1ebcb1276a491a5fee1b86aacbd1ebc0c07bdd4c9b536ce95c948995b6d0_amd64",
                           product_identification_helper: {
                              purl: "pkg:oci/elasticsearch-rhel8-operator@sha256:31ee1ebcb1276a491a5fee1b86aacbd1ebc0c07bdd4c9b536ce95c948995b6d0?arch=amd64&repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator&tag=v5.0.12-1",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "openshift-logging/elasticsearch-operator-bundle@sha256:6fda7c65e256b5ca27a3e0b99d5289fd3eb67cc738787f659ee449e79e01e56c_amd64",
                        product: {
                           name: "openshift-logging/elasticsearch-operator-bundle@sha256:6fda7c65e256b5ca27a3e0b99d5289fd3eb67cc738787f659ee449e79e01e56c_amd64",
                           product_id: "openshift-logging/elasticsearch-operator-bundle@sha256:6fda7c65e256b5ca27a3e0b99d5289fd3eb67cc738787f659ee449e79e01e56c_amd64",
                           product_identification_helper: {
                              purl: "pkg:oci/elasticsearch-operator-bundle@sha256:6fda7c65e256b5ca27a3e0b99d5289fd3eb67cc738787f659ee449e79e01e56c?arch=amd64&repository_url=registry.redhat.io/openshift-logging/elasticsearch-operator-bundle&tag=v5.0.12-1",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "openshift-logging/elasticsearch-proxy-rhel8@sha256:a3a23a88514f9f9117f2dceb99c7686b2056ebf3b7dd3c82efa34f5855e549e8_amd64",
                        product: {
                           name: "openshift-logging/elasticsearch-proxy-rhel8@sha256:a3a23a88514f9f9117f2dceb99c7686b2056ebf3b7dd3c82efa34f5855e549e8_amd64",
                           product_id: "openshift-logging/elasticsearch-proxy-rhel8@sha256:a3a23a88514f9f9117f2dceb99c7686b2056ebf3b7dd3c82efa34f5855e549e8_amd64",
                           product_identification_helper: {
                              purl: "pkg:oci/elasticsearch-proxy-rhel8@sha256:a3a23a88514f9f9117f2dceb99c7686b2056ebf3b7dd3c82efa34f5855e549e8?arch=amd64&repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8&tag=v5.0.12-1",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "openshift-logging/logging-curator5-rhel8@sha256:3f1a81fdc28c7254be59a8a3630f4c36c05f655bab886627393823ffa9ad2cf6_amd64",
                        product: {
                           name: "openshift-logging/logging-curator5-rhel8@sha256:3f1a81fdc28c7254be59a8a3630f4c36c05f655bab886627393823ffa9ad2cf6_amd64",
                           product_id: "openshift-logging/logging-curator5-rhel8@sha256:3f1a81fdc28c7254be59a8a3630f4c36c05f655bab886627393823ffa9ad2cf6_amd64",
                           product_identification_helper: {
                              purl: "pkg:oci/logging-curator5-rhel8@sha256:3f1a81fdc28c7254be59a8a3630f4c36c05f655bab886627393823ffa9ad2cf6?arch=amd64&repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8&tag=v5.0.12-1",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "openshift-logging/elasticsearch6-rhel8@sha256:15aef84c7916059dbddcdb5abadf9bd17ce282d4ab1e85c7b9473a025fc1d7ae_amd64",
                        product: {
                           name: "openshift-logging/elasticsearch6-rhel8@sha256:15aef84c7916059dbddcdb5abadf9bd17ce282d4ab1e85c7b9473a025fc1d7ae_amd64",
                           product_id: "openshift-logging/elasticsearch6-rhel8@sha256:15aef84c7916059dbddcdb5abadf9bd17ce282d4ab1e85c7b9473a025fc1d7ae_amd64",
                           product_identification_helper: {
                              purl: "pkg:oci/elasticsearch6-rhel8@sha256:15aef84c7916059dbddcdb5abadf9bd17ce282d4ab1e85c7b9473a025fc1d7ae?arch=amd64&repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8&tag=v5.0.12-1",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "openshift-logging/eventrouter-rhel8@sha256:f659b70ed9b1ecb132337b75e6b3891f3e0452be4bf39e3cff517a51d6520f7a_amd64",
                        product: {
                           name: "openshift-logging/eventrouter-rhel8@sha256:f659b70ed9b1ecb132337b75e6b3891f3e0452be4bf39e3cff517a51d6520f7a_amd64",
                           product_id: "openshift-logging/eventrouter-rhel8@sha256:f659b70ed9b1ecb132337b75e6b3891f3e0452be4bf39e3cff517a51d6520f7a_amd64",
                           product_identification_helper: {
                              purl: "pkg:oci/eventrouter-rhel8@sha256:f659b70ed9b1ecb132337b75e6b3891f3e0452be4bf39e3cff517a51d6520f7a?arch=amd64&repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8&tag=v5.0.12-1",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "openshift-logging/fluentd-rhel8@sha256:b7139adf92aec389c86c3d2911773520abe984a6902cf92f1d7a124480f60823_amd64",
                        product: {
                           name: "openshift-logging/fluentd-rhel8@sha256:b7139adf92aec389c86c3d2911773520abe984a6902cf92f1d7a124480f60823_amd64",
                           product_id: "openshift-logging/fluentd-rhel8@sha256:b7139adf92aec389c86c3d2911773520abe984a6902cf92f1d7a124480f60823_amd64",
                           product_identification_helper: {
                              purl: "pkg:oci/fluentd-rhel8@sha256:b7139adf92aec389c86c3d2911773520abe984a6902cf92f1d7a124480f60823?arch=amd64&repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8&tag=v5.0.12-1",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "openshift-logging/kibana6-rhel8@sha256:749d9a8434d2c5a4251d59701a3a57ece72b2fe8f3a450c6e3161905cbbd4ce3_amd64",
                        product: {
                           name: "openshift-logging/kibana6-rhel8@sha256:749d9a8434d2c5a4251d59701a3a57ece72b2fe8f3a450c6e3161905cbbd4ce3_amd64",
                           product_id: "openshift-logging/kibana6-rhel8@sha256:749d9a8434d2c5a4251d59701a3a57ece72b2fe8f3a450c6e3161905cbbd4ce3_amd64",
                           product_identification_helper: {
                              purl: "pkg:oci/kibana6-rhel8@sha256:749d9a8434d2c5a4251d59701a3a57ece72b2fe8f3a450c6e3161905cbbd4ce3?arch=amd64&repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8&tag=v5.0.12-1",
                           },
                        },
                     },
                  ],
                  category: "architecture",
                  name: "amd64",
               },
            ],
            category: "vendor",
            name: "Red Hat",
         },
      ],
      relationships: [
         {
            category: "default_component_of",
            full_product_name: {
               name: "openshift-logging/cluster-logging-operator-bundle@sha256:88c8992a0850de9983c13c3a8e5b5cb2ed1779e31e86c0c7195ab0d38fc2727d_amd64 as a component of OpenShift Logging 5.0",
               product_id: "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:88c8992a0850de9983c13c3a8e5b5cb2ed1779e31e86c0c7195ab0d38fc2727d_amd64",
            },
            product_reference: "openshift-logging/cluster-logging-operator-bundle@sha256:88c8992a0850de9983c13c3a8e5b5cb2ed1779e31e86c0c7195ab0d38fc2727d_amd64",
            relates_to_product_reference: "8Base-OSE-LOGGING-5.0",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "openshift-logging/cluster-logging-rhel8-operator@sha256:6444d97d9ed0d5e07c8df5a9ae55cb431250c5432cec6e90ecaae0fbe00be6d5_ppc64le as a component of OpenShift Logging 5.0",
               product_id: "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:6444d97d9ed0d5e07c8df5a9ae55cb431250c5432cec6e90ecaae0fbe00be6d5_ppc64le",
            },
            product_reference: "openshift-logging/cluster-logging-rhel8-operator@sha256:6444d97d9ed0d5e07c8df5a9ae55cb431250c5432cec6e90ecaae0fbe00be6d5_ppc64le",
            relates_to_product_reference: "8Base-OSE-LOGGING-5.0",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "openshift-logging/cluster-logging-rhel8-operator@sha256:989d85eee44074af63c6aea0f80a11c86338a32eed0db930feec87c7d08d5135_s390x as a component of OpenShift Logging 5.0",
               product_id: "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:989d85eee44074af63c6aea0f80a11c86338a32eed0db930feec87c7d08d5135_s390x",
            },
            product_reference: "openshift-logging/cluster-logging-rhel8-operator@sha256:989d85eee44074af63c6aea0f80a11c86338a32eed0db930feec87c7d08d5135_s390x",
            relates_to_product_reference: "8Base-OSE-LOGGING-5.0",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "openshift-logging/cluster-logging-rhel8-operator@sha256:e5f8312c65a081ae6433e9d8ed6e81682f5883781f4c757585559800b19fcb94_amd64 as a component of OpenShift Logging 5.0",
               product_id: "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:e5f8312c65a081ae6433e9d8ed6e81682f5883781f4c757585559800b19fcb94_amd64",
            },
            product_reference: "openshift-logging/cluster-logging-rhel8-operator@sha256:e5f8312c65a081ae6433e9d8ed6e81682f5883781f4c757585559800b19fcb94_amd64",
            relates_to_product_reference: "8Base-OSE-LOGGING-5.0",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "openshift-logging/elasticsearch-operator-bundle@sha256:6fda7c65e256b5ca27a3e0b99d5289fd3eb67cc738787f659ee449e79e01e56c_amd64 as a component of OpenShift Logging 5.0",
               product_id: "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:6fda7c65e256b5ca27a3e0b99d5289fd3eb67cc738787f659ee449e79e01e56c_amd64",
            },
            product_reference: "openshift-logging/elasticsearch-operator-bundle@sha256:6fda7c65e256b5ca27a3e0b99d5289fd3eb67cc738787f659ee449e79e01e56c_amd64",
            relates_to_product_reference: "8Base-OSE-LOGGING-5.0",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "openshift-logging/elasticsearch-proxy-rhel8@sha256:411a7dc6932d910e53aeb09320d25325ff4228930ae198cfe67d21404fa0e3ed_ppc64le as a component of OpenShift Logging 5.0",
               product_id: "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:411a7dc6932d910e53aeb09320d25325ff4228930ae198cfe67d21404fa0e3ed_ppc64le",
            },
            product_reference: "openshift-logging/elasticsearch-proxy-rhel8@sha256:411a7dc6932d910e53aeb09320d25325ff4228930ae198cfe67d21404fa0e3ed_ppc64le",
            relates_to_product_reference: "8Base-OSE-LOGGING-5.0",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "openshift-logging/elasticsearch-proxy-rhel8@sha256:a3a23a88514f9f9117f2dceb99c7686b2056ebf3b7dd3c82efa34f5855e549e8_amd64 as a component of OpenShift Logging 5.0",
               product_id: "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a3a23a88514f9f9117f2dceb99c7686b2056ebf3b7dd3c82efa34f5855e549e8_amd64",
            },
            product_reference: "openshift-logging/elasticsearch-proxy-rhel8@sha256:a3a23a88514f9f9117f2dceb99c7686b2056ebf3b7dd3c82efa34f5855e549e8_amd64",
            relates_to_product_reference: "8Base-OSE-LOGGING-5.0",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "openshift-logging/elasticsearch-proxy-rhel8@sha256:dba9c39a48e4f4a93db4daa1d596a08fc60c8c55c6b7889a7b69be241c7cd119_s390x as a component of OpenShift Logging 5.0",
               product_id: "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:dba9c39a48e4f4a93db4daa1d596a08fc60c8c55c6b7889a7b69be241c7cd119_s390x",
            },
            product_reference: "openshift-logging/elasticsearch-proxy-rhel8@sha256:dba9c39a48e4f4a93db4daa1d596a08fc60c8c55c6b7889a7b69be241c7cd119_s390x",
            relates_to_product_reference: "8Base-OSE-LOGGING-5.0",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "openshift-logging/elasticsearch-rhel8-operator@sha256:31ee1ebcb1276a491a5fee1b86aacbd1ebc0c07bdd4c9b536ce95c948995b6d0_amd64 as a component of OpenShift Logging 5.0",
               product_id: "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:31ee1ebcb1276a491a5fee1b86aacbd1ebc0c07bdd4c9b536ce95c948995b6d0_amd64",
            },
            product_reference: "openshift-logging/elasticsearch-rhel8-operator@sha256:31ee1ebcb1276a491a5fee1b86aacbd1ebc0c07bdd4c9b536ce95c948995b6d0_amd64",
            relates_to_product_reference: "8Base-OSE-LOGGING-5.0",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "openshift-logging/elasticsearch-rhel8-operator@sha256:87a757926b3934d21632b830511ca077d9fdb12417fa8886fad85c10143a6842_ppc64le as a component of OpenShift Logging 5.0",
               product_id: "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:87a757926b3934d21632b830511ca077d9fdb12417fa8886fad85c10143a6842_ppc64le",
            },
            product_reference: "openshift-logging/elasticsearch-rhel8-operator@sha256:87a757926b3934d21632b830511ca077d9fdb12417fa8886fad85c10143a6842_ppc64le",
            relates_to_product_reference: "8Base-OSE-LOGGING-5.0",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "openshift-logging/elasticsearch-rhel8-operator@sha256:d9b8605f7d19097c5f0a91d678cc2f102af892878871880023fc41721b276ef7_s390x as a component of OpenShift Logging 5.0",
               product_id: "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:d9b8605f7d19097c5f0a91d678cc2f102af892878871880023fc41721b276ef7_s390x",
            },
            product_reference: "openshift-logging/elasticsearch-rhel8-operator@sha256:d9b8605f7d19097c5f0a91d678cc2f102af892878871880023fc41721b276ef7_s390x",
            relates_to_product_reference: "8Base-OSE-LOGGING-5.0",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "openshift-logging/elasticsearch6-rhel8@sha256:15aef84c7916059dbddcdb5abadf9bd17ce282d4ab1e85c7b9473a025fc1d7ae_amd64 as a component of OpenShift Logging 5.0",
               product_id: "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:15aef84c7916059dbddcdb5abadf9bd17ce282d4ab1e85c7b9473a025fc1d7ae_amd64",
            },
            product_reference: "openshift-logging/elasticsearch6-rhel8@sha256:15aef84c7916059dbddcdb5abadf9bd17ce282d4ab1e85c7b9473a025fc1d7ae_amd64",
            relates_to_product_reference: "8Base-OSE-LOGGING-5.0",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "openshift-logging/elasticsearch6-rhel8@sha256:5b6bd22611e78f26389183e0e3cc6f860eda122720909a3644f6edc7eae4e8da_s390x as a component of OpenShift Logging 5.0",
               product_id: "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:5b6bd22611e78f26389183e0e3cc6f860eda122720909a3644f6edc7eae4e8da_s390x",
            },
            product_reference: "openshift-logging/elasticsearch6-rhel8@sha256:5b6bd22611e78f26389183e0e3cc6f860eda122720909a3644f6edc7eae4e8da_s390x",
            relates_to_product_reference: "8Base-OSE-LOGGING-5.0",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "openshift-logging/elasticsearch6-rhel8@sha256:c014b38a59a73f425c8ebd764148bad4956f24eda4670c42fd67826546df01be_ppc64le as a component of OpenShift Logging 5.0",
               product_id: "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:c014b38a59a73f425c8ebd764148bad4956f24eda4670c42fd67826546df01be_ppc64le",
            },
            product_reference: "openshift-logging/elasticsearch6-rhel8@sha256:c014b38a59a73f425c8ebd764148bad4956f24eda4670c42fd67826546df01be_ppc64le",
            relates_to_product_reference: "8Base-OSE-LOGGING-5.0",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "openshift-logging/eventrouter-rhel8@sha256:4afc627224c584844325fac536c2e8f0b510fa4ff84b9b05bdafe2d8505f4eac_ppc64le as a component of OpenShift Logging 5.0",
               product_id: "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4afc627224c584844325fac536c2e8f0b510fa4ff84b9b05bdafe2d8505f4eac_ppc64le",
            },
            product_reference: "openshift-logging/eventrouter-rhel8@sha256:4afc627224c584844325fac536c2e8f0b510fa4ff84b9b05bdafe2d8505f4eac_ppc64le",
            relates_to_product_reference: "8Base-OSE-LOGGING-5.0",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "openshift-logging/eventrouter-rhel8@sha256:b64462859b9229e261a14035b65ab702bd301fcba043254796c9bf28205e6d79_s390x as a component of OpenShift Logging 5.0",
               product_id: "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:b64462859b9229e261a14035b65ab702bd301fcba043254796c9bf28205e6d79_s390x",
            },
            product_reference: "openshift-logging/eventrouter-rhel8@sha256:b64462859b9229e261a14035b65ab702bd301fcba043254796c9bf28205e6d79_s390x",
            relates_to_product_reference: "8Base-OSE-LOGGING-5.0",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "openshift-logging/eventrouter-rhel8@sha256:f659b70ed9b1ecb132337b75e6b3891f3e0452be4bf39e3cff517a51d6520f7a_amd64 as a component of OpenShift Logging 5.0",
               product_id: "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:f659b70ed9b1ecb132337b75e6b3891f3e0452be4bf39e3cff517a51d6520f7a_amd64",
            },
            product_reference: "openshift-logging/eventrouter-rhel8@sha256:f659b70ed9b1ecb132337b75e6b3891f3e0452be4bf39e3cff517a51d6520f7a_amd64",
            relates_to_product_reference: "8Base-OSE-LOGGING-5.0",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "openshift-logging/fluentd-rhel8@sha256:70d1eeac2c53a0c77fdcf1ae305c12786227aa6e7f4f1f3ab4365a119111f1ea_ppc64le as a component of OpenShift Logging 5.0",
               product_id: "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:70d1eeac2c53a0c77fdcf1ae305c12786227aa6e7f4f1f3ab4365a119111f1ea_ppc64le",
            },
            product_reference: "openshift-logging/fluentd-rhel8@sha256:70d1eeac2c53a0c77fdcf1ae305c12786227aa6e7f4f1f3ab4365a119111f1ea_ppc64le",
            relates_to_product_reference: "8Base-OSE-LOGGING-5.0",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "openshift-logging/fluentd-rhel8@sha256:a1fce6215b404d0107dc435c7f3458d7c3acc4f927ad177af43b18c9cadc1bb1_s390x as a component of OpenShift Logging 5.0",
               product_id: "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:a1fce6215b404d0107dc435c7f3458d7c3acc4f927ad177af43b18c9cadc1bb1_s390x",
            },
            product_reference: "openshift-logging/fluentd-rhel8@sha256:a1fce6215b404d0107dc435c7f3458d7c3acc4f927ad177af43b18c9cadc1bb1_s390x",
            relates_to_product_reference: "8Base-OSE-LOGGING-5.0",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "openshift-logging/fluentd-rhel8@sha256:b7139adf92aec389c86c3d2911773520abe984a6902cf92f1d7a124480f60823_amd64 as a component of OpenShift Logging 5.0",
               product_id: "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:b7139adf92aec389c86c3d2911773520abe984a6902cf92f1d7a124480f60823_amd64",
            },
            product_reference: "openshift-logging/fluentd-rhel8@sha256:b7139adf92aec389c86c3d2911773520abe984a6902cf92f1d7a124480f60823_amd64",
            relates_to_product_reference: "8Base-OSE-LOGGING-5.0",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "openshift-logging/kibana6-rhel8@sha256:23a36e4ba3a8c26585c28a0fc1a947a2f35092fdc92631c9e242928556143374_s390x as a component of OpenShift Logging 5.0",
               product_id: "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:23a36e4ba3a8c26585c28a0fc1a947a2f35092fdc92631c9e242928556143374_s390x",
            },
            product_reference: "openshift-logging/kibana6-rhel8@sha256:23a36e4ba3a8c26585c28a0fc1a947a2f35092fdc92631c9e242928556143374_s390x",
            relates_to_product_reference: "8Base-OSE-LOGGING-5.0",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "openshift-logging/kibana6-rhel8@sha256:749d9a8434d2c5a4251d59701a3a57ece72b2fe8f3a450c6e3161905cbbd4ce3_amd64 as a component of OpenShift Logging 5.0",
               product_id: "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:749d9a8434d2c5a4251d59701a3a57ece72b2fe8f3a450c6e3161905cbbd4ce3_amd64",
            },
            product_reference: "openshift-logging/kibana6-rhel8@sha256:749d9a8434d2c5a4251d59701a3a57ece72b2fe8f3a450c6e3161905cbbd4ce3_amd64",
            relates_to_product_reference: "8Base-OSE-LOGGING-5.0",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "openshift-logging/kibana6-rhel8@sha256:7cc111b0928dd598abfe6f4db5c021e056e7fa1270a3953168924f5194f00db5_ppc64le as a component of OpenShift Logging 5.0",
               product_id: "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:7cc111b0928dd598abfe6f4db5c021e056e7fa1270a3953168924f5194f00db5_ppc64le",
            },
            product_reference: "openshift-logging/kibana6-rhel8@sha256:7cc111b0928dd598abfe6f4db5c021e056e7fa1270a3953168924f5194f00db5_ppc64le",
            relates_to_product_reference: "8Base-OSE-LOGGING-5.0",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "openshift-logging/logging-curator5-rhel8@sha256:3f1a81fdc28c7254be59a8a3630f4c36c05f655bab886627393823ffa9ad2cf6_amd64 as a component of OpenShift Logging 5.0",
               product_id: "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:3f1a81fdc28c7254be59a8a3630f4c36c05f655bab886627393823ffa9ad2cf6_amd64",
            },
            product_reference: "openshift-logging/logging-curator5-rhel8@sha256:3f1a81fdc28c7254be59a8a3630f4c36c05f655bab886627393823ffa9ad2cf6_amd64",
            relates_to_product_reference: "8Base-OSE-LOGGING-5.0",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "openshift-logging/logging-curator5-rhel8@sha256:76bb02283a7740fbc2f25fd95e0f0b30118a585296a62bcc745872ecdd93ba1e_ppc64le as a component of OpenShift Logging 5.0",
               product_id: "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:76bb02283a7740fbc2f25fd95e0f0b30118a585296a62bcc745872ecdd93ba1e_ppc64le",
            },
            product_reference: "openshift-logging/logging-curator5-rhel8@sha256:76bb02283a7740fbc2f25fd95e0f0b30118a585296a62bcc745872ecdd93ba1e_ppc64le",
            relates_to_product_reference: "8Base-OSE-LOGGING-5.0",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "openshift-logging/logging-curator5-rhel8@sha256:f561d39b3e7249000f22471454d04323d529217842e293d0bc10af30acaa7ad8_s390x as a component of OpenShift Logging 5.0",
               product_id: "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:f561d39b3e7249000f22471454d04323d529217842e293d0bc10af30acaa7ad8_s390x",
            },
            product_reference: "openshift-logging/logging-curator5-rhel8@sha256:f561d39b3e7249000f22471454d04323d529217842e293d0bc10af30acaa7ad8_s390x",
            relates_to_product_reference: "8Base-OSE-LOGGING-5.0",
         },
      ],
   },
   vulnerabilities: [
      {
         cve: "CVE-2021-44832",
         cwe: {
            id: "CWE-20",
            name: "Improper Input Validation",
         },
         discovery_date: "2021-12-28T00:00:00+00:00",
         flags: [
            {
               label: "vulnerable_code_not_present",
               product_ids: [
                  "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:88c8992a0850de9983c13c3a8e5b5cb2ed1779e31e86c0c7195ab0d38fc2727d_amd64",
                  "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:6444d97d9ed0d5e07c8df5a9ae55cb431250c5432cec6e90ecaae0fbe00be6d5_ppc64le",
                  "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:989d85eee44074af63c6aea0f80a11c86338a32eed0db930feec87c7d08d5135_s390x",
                  "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:e5f8312c65a081ae6433e9d8ed6e81682f5883781f4c757585559800b19fcb94_amd64",
                  "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:6fda7c65e256b5ca27a3e0b99d5289fd3eb67cc738787f659ee449e79e01e56c_amd64",
                  "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:411a7dc6932d910e53aeb09320d25325ff4228930ae198cfe67d21404fa0e3ed_ppc64le",
                  "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a3a23a88514f9f9117f2dceb99c7686b2056ebf3b7dd3c82efa34f5855e549e8_amd64",
                  "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:dba9c39a48e4f4a93db4daa1d596a08fc60c8c55c6b7889a7b69be241c7cd119_s390x",
                  "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:31ee1ebcb1276a491a5fee1b86aacbd1ebc0c07bdd4c9b536ce95c948995b6d0_amd64",
                  "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:87a757926b3934d21632b830511ca077d9fdb12417fa8886fad85c10143a6842_ppc64le",
                  "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:d9b8605f7d19097c5f0a91d678cc2f102af892878871880023fc41721b276ef7_s390x",
                  "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4afc627224c584844325fac536c2e8f0b510fa4ff84b9b05bdafe2d8505f4eac_ppc64le",
                  "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:b64462859b9229e261a14035b65ab702bd301fcba043254796c9bf28205e6d79_s390x",
                  "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:f659b70ed9b1ecb132337b75e6b3891f3e0452be4bf39e3cff517a51d6520f7a_amd64",
                  "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:70d1eeac2c53a0c77fdcf1ae305c12786227aa6e7f4f1f3ab4365a119111f1ea_ppc64le",
                  "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:a1fce6215b404d0107dc435c7f3458d7c3acc4f927ad177af43b18c9cadc1bb1_s390x",
                  "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:b7139adf92aec389c86c3d2911773520abe984a6902cf92f1d7a124480f60823_amd64",
                  "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:23a36e4ba3a8c26585c28a0fc1a947a2f35092fdc92631c9e242928556143374_s390x",
                  "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:749d9a8434d2c5a4251d59701a3a57ece72b2fe8f3a450c6e3161905cbbd4ce3_amd64",
                  "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:7cc111b0928dd598abfe6f4db5c021e056e7fa1270a3953168924f5194f00db5_ppc64le",
                  "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:3f1a81fdc28c7254be59a8a3630f4c36c05f655bab886627393823ffa9ad2cf6_amd64",
                  "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:76bb02283a7740fbc2f25fd95e0f0b30118a585296a62bcc745872ecdd93ba1e_ppc64le",
                  "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:f561d39b3e7249000f22471454d04323d529217842e293d0bc10af30acaa7ad8_s390x",
               ],
            },
         ],
         ids: [
            {
               system_name: "Red Hat Bugzilla ID",
               text: "2035951",
            },
         ],
         notes: [
            {
               category: "description",
               text: "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.",
               title: "Vulnerability description",
            },
            {
               category: "summary",
               text: "log4j-core: remote code execution via JDBC Appender",
               title: "Vulnerability summary",
            },
            {
               category: "other",
               text: "Log4j 1.x is not impacted by this vulnerability. Therefore versions of log4j shipped with Red Hat Enterprise Linux are NOT affected by this flaw.\n\nFor Elasticsearch, as shipped in OpenShift Container Platform and OpenShift Logging, access to the log4j2.properties configuration is limited only to the cluster administrators and exploitation requires cluster logging changes, what reduced the impact of this vulnerability significantly [0].\n\n[0] https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476#update-jan-6-5",
               title: "Statement",
            },
            {
               category: "general",
               text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
               title: "CVSS score applicability",
            },
         ],
         product_status: {
            fixed: [
               "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:15aef84c7916059dbddcdb5abadf9bd17ce282d4ab1e85c7b9473a025fc1d7ae_amd64",
               "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:5b6bd22611e78f26389183e0e3cc6f860eda122720909a3644f6edc7eae4e8da_s390x",
               "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:c014b38a59a73f425c8ebd764148bad4956f24eda4670c42fd67826546df01be_ppc64le",
            ],
            known_not_affected: [
               "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:88c8992a0850de9983c13c3a8e5b5cb2ed1779e31e86c0c7195ab0d38fc2727d_amd64",
               "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:6444d97d9ed0d5e07c8df5a9ae55cb431250c5432cec6e90ecaae0fbe00be6d5_ppc64le",
               "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:989d85eee44074af63c6aea0f80a11c86338a32eed0db930feec87c7d08d5135_s390x",
               "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:e5f8312c65a081ae6433e9d8ed6e81682f5883781f4c757585559800b19fcb94_amd64",
               "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:6fda7c65e256b5ca27a3e0b99d5289fd3eb67cc738787f659ee449e79e01e56c_amd64",
               "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:411a7dc6932d910e53aeb09320d25325ff4228930ae198cfe67d21404fa0e3ed_ppc64le",
               "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a3a23a88514f9f9117f2dceb99c7686b2056ebf3b7dd3c82efa34f5855e549e8_amd64",
               "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:dba9c39a48e4f4a93db4daa1d596a08fc60c8c55c6b7889a7b69be241c7cd119_s390x",
               "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:31ee1ebcb1276a491a5fee1b86aacbd1ebc0c07bdd4c9b536ce95c948995b6d0_amd64",
               "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:87a757926b3934d21632b830511ca077d9fdb12417fa8886fad85c10143a6842_ppc64le",
               "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:d9b8605f7d19097c5f0a91d678cc2f102af892878871880023fc41721b276ef7_s390x",
               "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4afc627224c584844325fac536c2e8f0b510fa4ff84b9b05bdafe2d8505f4eac_ppc64le",
               "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:b64462859b9229e261a14035b65ab702bd301fcba043254796c9bf28205e6d79_s390x",
               "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:f659b70ed9b1ecb132337b75e6b3891f3e0452be4bf39e3cff517a51d6520f7a_amd64",
               "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:70d1eeac2c53a0c77fdcf1ae305c12786227aa6e7f4f1f3ab4365a119111f1ea_ppc64le",
               "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:a1fce6215b404d0107dc435c7f3458d7c3acc4f927ad177af43b18c9cadc1bb1_s390x",
               "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:b7139adf92aec389c86c3d2911773520abe984a6902cf92f1d7a124480f60823_amd64",
               "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:23a36e4ba3a8c26585c28a0fc1a947a2f35092fdc92631c9e242928556143374_s390x",
               "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:749d9a8434d2c5a4251d59701a3a57ece72b2fe8f3a450c6e3161905cbbd4ce3_amd64",
               "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:7cc111b0928dd598abfe6f4db5c021e056e7fa1270a3953168924f5194f00db5_ppc64le",
               "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:3f1a81fdc28c7254be59a8a3630f4c36c05f655bab886627393823ffa9ad2cf6_amd64",
               "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:76bb02283a7740fbc2f25fd95e0f0b30118a585296a62bcc745872ecdd93ba1e_ppc64le",
               "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:f561d39b3e7249000f22471454d04323d529217842e293d0bc10af30acaa7ad8_s390x",
            ],
         },
         references: [
            {
               category: "self",
               summary: "Canonical URL",
               url: "https://access.redhat.com/security/cve/CVE-2021-44832",
            },
            {
               category: "external",
               summary: "RHBZ#2035951",
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=2035951",
            },
            {
               category: "external",
               summary: "https://www.cve.org/CVERecord?id=CVE-2021-44832",
               url: "https://www.cve.org/CVERecord?id=CVE-2021-44832",
            },
            {
               category: "external",
               summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-44832",
               url: "https://nvd.nist.gov/vuln/detail/CVE-2021-44832",
            },
            {
               category: "external",
               summary: "https://issues.apache.org/jira/browse/LOG4J2-3293",
               url: "https://issues.apache.org/jira/browse/LOG4J2-3293",
            },
         ],
         release_date: "2021-12-28T00:00:00+00:00",
         remediations: [
            {
               category: "vendor_fix",
               date: "2022-01-20T21:09:05+00:00",
               details: "For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nFor Red Hat OpenShift Logging 5.0, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html",
               product_ids: [
                  "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:15aef84c7916059dbddcdb5abadf9bd17ce282d4ab1e85c7b9473a025fc1d7ae_amd64",
                  "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:5b6bd22611e78f26389183e0e3cc6f860eda122720909a3644f6edc7eae4e8da_s390x",
                  "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:c014b38a59a73f425c8ebd764148bad4956f24eda4670c42fd67826546df01be_ppc64le",
               ],
               restart_required: {
                  category: "none",
               },
               url: "https://access.redhat.com/errata/RHSA-2022:0225",
            },
            {
               category: "workaround",
               details: "As per upstream:\n- In prior releases confirm that if the JDBC Appender is being used it is not configured to use any protocol other than Java.\n- Note that only the log4j-core JAR file is impacted by this vulnerability. Applications using only the log4j-api JAR file without the log4j-core JAR file are not impacted by this vulnerability.",
               product_ids: [
                  "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:88c8992a0850de9983c13c3a8e5b5cb2ed1779e31e86c0c7195ab0d38fc2727d_amd64",
                  "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:6444d97d9ed0d5e07c8df5a9ae55cb431250c5432cec6e90ecaae0fbe00be6d5_ppc64le",
                  "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:989d85eee44074af63c6aea0f80a11c86338a32eed0db930feec87c7d08d5135_s390x",
                  "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:e5f8312c65a081ae6433e9d8ed6e81682f5883781f4c757585559800b19fcb94_amd64",
                  "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:6fda7c65e256b5ca27a3e0b99d5289fd3eb67cc738787f659ee449e79e01e56c_amd64",
                  "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:411a7dc6932d910e53aeb09320d25325ff4228930ae198cfe67d21404fa0e3ed_ppc64le",
                  "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a3a23a88514f9f9117f2dceb99c7686b2056ebf3b7dd3c82efa34f5855e549e8_amd64",
                  "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:dba9c39a48e4f4a93db4daa1d596a08fc60c8c55c6b7889a7b69be241c7cd119_s390x",
                  "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:31ee1ebcb1276a491a5fee1b86aacbd1ebc0c07bdd4c9b536ce95c948995b6d0_amd64",
                  "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:87a757926b3934d21632b830511ca077d9fdb12417fa8886fad85c10143a6842_ppc64le",
                  "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:d9b8605f7d19097c5f0a91d678cc2f102af892878871880023fc41721b276ef7_s390x",
                  "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:15aef84c7916059dbddcdb5abadf9bd17ce282d4ab1e85c7b9473a025fc1d7ae_amd64",
                  "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:5b6bd22611e78f26389183e0e3cc6f860eda122720909a3644f6edc7eae4e8da_s390x",
                  "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:c014b38a59a73f425c8ebd764148bad4956f24eda4670c42fd67826546df01be_ppc64le",
                  "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4afc627224c584844325fac536c2e8f0b510fa4ff84b9b05bdafe2d8505f4eac_ppc64le",
                  "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:b64462859b9229e261a14035b65ab702bd301fcba043254796c9bf28205e6d79_s390x",
                  "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:f659b70ed9b1ecb132337b75e6b3891f3e0452be4bf39e3cff517a51d6520f7a_amd64",
                  "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:70d1eeac2c53a0c77fdcf1ae305c12786227aa6e7f4f1f3ab4365a119111f1ea_ppc64le",
                  "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:a1fce6215b404d0107dc435c7f3458d7c3acc4f927ad177af43b18c9cadc1bb1_s390x",
                  "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:b7139adf92aec389c86c3d2911773520abe984a6902cf92f1d7a124480f60823_amd64",
                  "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:23a36e4ba3a8c26585c28a0fc1a947a2f35092fdc92631c9e242928556143374_s390x",
                  "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:749d9a8434d2c5a4251d59701a3a57ece72b2fe8f3a450c6e3161905cbbd4ce3_amd64",
                  "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:7cc111b0928dd598abfe6f4db5c021e056e7fa1270a3953168924f5194f00db5_ppc64le",
                  "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:3f1a81fdc28c7254be59a8a3630f4c36c05f655bab886627393823ffa9ad2cf6_amd64",
                  "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:76bb02283a7740fbc2f25fd95e0f0b30118a585296a62bcc745872ecdd93ba1e_ppc64le",
                  "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:f561d39b3e7249000f22471454d04323d529217842e293d0bc10af30acaa7ad8_s390x",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 6.6,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "HIGH",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               products: [
                  "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:15aef84c7916059dbddcdb5abadf9bd17ce282d4ab1e85c7b9473a025fc1d7ae_amd64",
                  "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:5b6bd22611e78f26389183e0e3cc6f860eda122720909a3644f6edc7eae4e8da_s390x",
                  "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:c014b38a59a73f425c8ebd764148bad4956f24eda4670c42fd67826546df01be_ppc64le",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               details: "Moderate",
            },
         ],
         title: "log4j-core: remote code execution via JDBC Appender",
      },
   ],
}

cve-2021-44832

Vulnerability from cvelistv5

Published

2021-12-28 19:35

Modified

2024-08-04 04:32

Severity ?

Summary

Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.

References

▼	URL	Tags
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd	vendor-advisory, x_refsource_CISCO
	https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143	x_refsource_MISC
	https://issues.apache.org/jira/browse/LOG4J2-3293	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2021/12/28/1	mailing-list, x_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2021/12/msg00036.html	mailing-list, x_refsource_MLIST
	https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf	x_refsource_CONFIRM
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EVV25FXL4FU5X6X5BSL7RLQ7T6F65MRA/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T57MPJUW3MA6QGWZRTMCHHMMPQNVKGFC/	vendor-advisory, x_refsource_FEDORA
	https://www.oracle.com/security-alerts/cpujan2022.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20220104-0001/	x_refsource_CONFIRM
	https://www.oracle.com/security-alerts/cpuapr2022.html	x_refsource_MISC
	https://www.oracle.com/security-alerts/cpujul2022.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache Log4j2	Version: log4j-core < 2.17.1

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T04:32:13.076Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://issues.apache.org/jira/browse/LOG4J2-3293",
               },
               {
                  name: "[oss-security] 20211228 CVE-2021-44832: Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2021/12/28/1",
               },
               {
                  name: "[debian-lts-announce] 20211229 [SECURITY] [DLA 2870-1] apache-log4j2 security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2021/12/msg00036.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf",
               },
               {
                  name: "FEDORA-2021-c6f471ce0f",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EVV25FXL4FU5X6X5BSL7RLQ7T6F65MRA/",
               },
               {
                  name: "FEDORA-2021-1bd9151bab",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T57MPJUW3MA6QGWZRTMCHHMMPQNVKGFC/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujan2022.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20220104-0001/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujul2022.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Apache Log4j2",
               vendor: "Apache Software Foundation",
               versions: [
                  {
                     changes: [
                        {
                           at: "2.13.0",
                           status: "affected",
                        },
                        {
                           at: "2.12.4",
                           status: "unaffected",
                        },
                        {
                           at: "2.4",
                           status: "affected",
                        },
                        {
                           at: "2.3.2",
                           status: "unaffected",
                        },
                        {
                           at: "2.0-beta7",
                           status: "affected",
                        },
                     ],
                     lessThan: "2.17.1",
                     status: "affected",
                     version: "log4j-core",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.",
            },
         ],
         metrics: [
            {
               other: {
                  content: {
                     other: "moderate",
                  },
                  type: "unknown",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-20",
                     description: "CWE-20 Improper Input Validation",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
            {
               descriptions: [
                  {
                     cweId: "CWE-74",
                     description: "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-07-25T16:41:33",
            orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            shortName: "apache",
         },
         references: [
            {
               name: "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://issues.apache.org/jira/browse/LOG4J2-3293",
            },
            {
               name: "[oss-security] 20211228 CVE-2021-44832: Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2021/12/28/1",
            },
            {
               name: "[debian-lts-announce] 20211229 [SECURITY] [DLA 2870-1] apache-log4j2 security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2021/12/msg00036.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf",
            },
            {
               name: "FEDORA-2021-c6f471ce0f",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EVV25FXL4FU5X6X5BSL7RLQ7T6F65MRA/",
            },
            {
               name: "FEDORA-2021-1bd9151bab",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T57MPJUW3MA6QGWZRTMCHHMMPQNVKGFC/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpujan2022.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20220104-0001/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpujul2022.html",
            },
         ],
         source: {
            defect: [
               "LOG4J2-3293",
               "",
            ],
            discovery: "UNKNOWN",
         },
         timeline: [
            {
               lang: "en",
               time: "2021-12-27T00:00:00",
               value: "reported",
            },
            {
               lang: "en",
               time: "2021-12-27T00:00:00",
               value: "patch proposed, 2.17.1-rc1",
            },
            {
               lang: "en",
               time: "2021-12-28T00:00:00",
               value: "fixed",
            },
            {
               lang: "en",
               time: "2021-12-28T00:00:00",
               value: "public",
            },
         ],
         title: "Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration",
         x_generator: {
            engine: "Vulnogram 0.0.9",
         },
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@apache.org",
               ID: "CVE-2021-44832",
               STATE: "PUBLIC",
               TITLE: "Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Apache Log4j2",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_name: "log4j-core",
                                          version_value: "2.17.1",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_name: "log4j-core",
                                          version_value: "2.13.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_name: "log4j-core",
                                          version_value: "2.12.4",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_name: "log4j-core",
                                          version_value: "2.4",
                                       },
                                       {
                                          version_affected: "<",
                                          version_name: "log4j-core",
                                          version_value: "2.3.2",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_name: "log4j-core",
                                          version_value: "2.0-beta7",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Apache Software Foundation",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.",
                  },
               ],
            },
            generator: {
               engine: "Vulnogram 0.0.9",
            },
            impact: [
               {
                  other: "moderate",
               },
            ],
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-20 Improper Input Validation",
                        },
                     ],
                  },
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd",
                  },
                  {
                     name: "https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143",
                     refsource: "MISC",
                     url: "https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143",
                  },
                  {
                     name: "https://issues.apache.org/jira/browse/LOG4J2-3293",
                     refsource: "MISC",
                     url: "https://issues.apache.org/jira/browse/LOG4J2-3293",
                  },
                  {
                     name: "[oss-security] 20211228 CVE-2021-44832: Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2021/12/28/1",
                  },
                  {
                     name: "[debian-lts-announce] 20211229 [SECURITY] [DLA 2870-1] apache-log4j2 security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2021/12/msg00036.html",
                  },
                  {
                     name: "https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf",
                     refsource: "CONFIRM",
                     url: "https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf",
                  },
                  {
                     name: "FEDORA-2021-c6f471ce0f",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVV25FXL4FU5X6X5BSL7RLQ7T6F65MRA/",
                  },
                  {
                     name: "FEDORA-2021-1bd9151bab",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T57MPJUW3MA6QGWZRTMCHHMMPQNVKGFC/",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpujan2022.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpujan2022.html",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20220104-0001/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20220104-0001/",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpuapr2022.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpujul2022.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpujul2022.html",
                  },
               ],
            },
            source: {
               defect: [
                  "LOG4J2-3293",
                  "",
               ],
               discovery: "UNKNOWN",
            },
            timeline: [
               {
                  lang: "en",
                  time: "2021-12-27T00:00:00",
                  value: "reported",
               },
               {
                  lang: "en",
                  time: "2021-12-27T00:00:00",
                  value: "patch proposed, 2.17.1-rc1",
               },
               {
                  lang: "en",
                  time: "2021-12-28T00:00:00",
                  value: "fixed",
               },
               {
                  lang: "en",
                  time: "2021-12-28T00:00:00",
                  value: "public",
               },
            ],
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
      assignerShortName: "apache",
      cveId: "CVE-2021-44832",
      datePublished: "2021-12-28T19:35:11",
      dateReserved: "2021-12-11T00:00:00",
      dateUpdated: "2024-08-04T04:32:13.076Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted