rhsa-2022_1296
Vulnerability from csaf_redhat
Published
2022-04-11 12:59
Modified
2024-09-16 07:37
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.4 security update
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.4.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.3 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.4 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender (CVE-2022-23305)
* log4j: Unsafe deserialization flaw in Chainsaw log viewer (CVE-2022-23307)
* log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender (CVE-2021-4104)
* log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)
* log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228) (CVE-2021-45046)
* log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern (CVE-2021-45105)
* log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink (CVE-2022-23302)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Low"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.3 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.4 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender (CVE-2022-23305)\n\n* log4j: Unsafe deserialization flaw in Chainsaw log viewer (CVE-2022-23307)\n\n* log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender (CVE-2021-4104)\n\n* log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)\n\n* log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228) (CVE-2021-45046)\n\n* log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern (CVE-2021-45105)\n\n* log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink (CVE-2022-23302)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:1296",
"url": "https://access.redhat.com/errata/RHSA-2022:1296"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#low",
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/"
},
{
"category": "external",
"summary": "2031667",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031667"
},
{
"category": "external",
"summary": "2032580",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2032580"
},
{
"category": "external",
"summary": "2034067",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034067"
},
{
"category": "external",
"summary": "2035951",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035951"
},
{
"category": "external",
"summary": "2041949",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041949"
},
{
"category": "external",
"summary": "2041959",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041959"
},
{
"category": "external",
"summary": "2041967",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041967"
},
{
"category": "external",
"summary": "JBEAP-22105",
"url": "https://issues.redhat.com/browse/JBEAP-22105"
},
{
"category": "external",
"summary": "JBEAP-22385",
"url": "https://issues.redhat.com/browse/JBEAP-22385"
},
{
"category": "external",
"summary": "JBEAP-22731",
"url": "https://issues.redhat.com/browse/JBEAP-22731"
},
{
"category": "external",
"summary": "JBEAP-22738",
"url": "https://issues.redhat.com/browse/JBEAP-22738"
},
{
"category": "external",
"summary": "JBEAP-22819",
"url": "https://issues.redhat.com/browse/JBEAP-22819"
},
{
"category": "external",
"summary": "JBEAP-22839",
"url": "https://issues.redhat.com/browse/JBEAP-22839"
},
{
"category": "external",
"summary": "JBEAP-22864",
"url": "https://issues.redhat.com/browse/JBEAP-22864"
},
{
"category": "external",
"summary": "JBEAP-22899",
"url": "https://issues.redhat.com/browse/JBEAP-22899"
},
{
"category": "external",
"summary": "JBEAP-22904",
"url": "https://issues.redhat.com/browse/JBEAP-22904"
},
{
"category": "external",
"summary": "JBEAP-22911",
"url": "https://issues.redhat.com/browse/JBEAP-22911"
},
{
"category": "external",
"summary": "JBEAP-22912",
"url": "https://issues.redhat.com/browse/JBEAP-22912"
},
{
"category": "external",
"summary": "JBEAP-22913",
"url": "https://issues.redhat.com/browse/JBEAP-22913"
},
{
"category": "external",
"summary": "JBEAP-22935",
"url": "https://issues.redhat.com/browse/JBEAP-22935"
},
{
"category": "external",
"summary": "JBEAP-22945",
"url": "https://issues.redhat.com/browse/JBEAP-22945"
},
{
"category": "external",
"summary": "JBEAP-22973",
"url": "https://issues.redhat.com/browse/JBEAP-22973"
},
{
"category": "external",
"summary": "JBEAP-23038",
"url": "https://issues.redhat.com/browse/JBEAP-23038"
},
{
"category": "external",
"summary": "JBEAP-23040",
"url": "https://issues.redhat.com/browse/JBEAP-23040"
},
{
"category": "external",
"summary": "JBEAP-23045",
"url": "https://issues.redhat.com/browse/JBEAP-23045"
},
{
"category": "external",
"summary": "JBEAP-23101",
"url": "https://issues.redhat.com/browse/JBEAP-23101"
},
{
"category": "external",
"summary": "JBEAP-23105",
"url": "https://issues.redhat.com/browse/JBEAP-23105"
},
{
"category": "external",
"summary": "JBEAP-23143",
"url": "https://issues.redhat.com/browse/JBEAP-23143"
},
{
"category": "external",
"summary": "JBEAP-23177",
"url": "https://issues.redhat.com/browse/JBEAP-23177"
},
{
"category": "external",
"summary": "JBEAP-23323",
"url": "https://issues.redhat.com/browse/JBEAP-23323"
},
{
"category": "external",
"summary": "JBEAP-23373",
"url": "https://issues.redhat.com/browse/JBEAP-23373"
},
{
"category": "external",
"summary": "JBEAP-23374",
"url": "https://issues.redhat.com/browse/JBEAP-23374"
},
{
"category": "external",
"summary": "JBEAP-23375",
"url": "https://issues.redhat.com/browse/JBEAP-23375"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2022/rhsa-2022_1296.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.4 security update",
"tracking": {
"current_release_date": "2024-09-16T07:37:43+00:00",
"generator": {
"date": "2024-09-16T07:37:43+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2022:1296",
"initial_release_date": "2022-04-11T12:59:41+00:00",
"revision_history": [
{
"date": "2022-04-11T12:59:41+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-04-11T12:59:41+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-16T07:37:43+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product": {
"name": "Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.6-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.src",
"product_id": "eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-xom@1.3.7-1.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.9-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.2.16-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.src",
"product": {
"name": "eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.src",
"product_id": "eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.25-1.Final_redhat_00002.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-narayana@5.11.4-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.src",
"product": {
"name": "eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.src",
"product_id": "eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-7.redhat_00034.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.src",
"product": {
"name": "eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.src",
"product_id": "eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.11-1.Final_redhat_00002.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan@11.0.15-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.src",
"product": {
"name": "eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.src",
"product_id": "eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-objectweb-asm@9.1.0-1.redhat_00002.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-vfs@3.2.16-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.src",
"product_id": "eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-log4j@2.17.1-1.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.src",
"product_id": "eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-yasson@1.0.10-1.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.src",
"product": {
"name": "eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.src",
"product_id": "eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ecj@3.26.0-1.redhat_00002.1.el7eap?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jbossws-cxf@5.4.4-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.src",
"product": {
"name": "eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.src",
"product_id": "eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-openssl-el7-x86_64@2.2.0-2.Final_redhat_00002.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.src",
"product": {
"name": "eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.src",
"product_id": "eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-openssl@2.2.0-3.Final_redhat_00002.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.src",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.src",
"product_id": "eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-15.Final_redhat_00014.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.src",
"product": {
"name": "eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.src",
"product_id": "eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.4-3.GA_redhat_00011.1.el7eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.6-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-xom@1.3.7-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.9-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.2.16-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.25-1.Final_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.25-1.Final_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.25-1.Final_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.25-1.Final_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.25-1.Final_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-narayana@5.11.4-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-narayana-compensations@5.11.4-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-narayana-jbosstxbridge@5.11.4-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-narayana-jbossxts@5.11.4-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-narayana-jts-idlj@5.11.4-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-narayana-jts-integration@5.11.4-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-narayana-restat-api@5.11.4-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-narayana-restat-bridge@5.11.4-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-narayana-restat-integration@5.11.4-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-narayana-restat-util@5.11.4-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-narayana-txframework@5.11.4-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-7.redhat_00034.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.16.0-7.redhat_00034.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.16.0-7.redhat_00034.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.16.0-7.redhat_00034.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.16.0-7.redhat_00034.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.16.0-7.redhat_00034.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.16.0-7.redhat_00034.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.16.0-7.redhat_00034.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.16.0-7.redhat_00034.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.16.0-7.redhat_00034.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.16.0-7.redhat_00034.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.16.0-7.redhat_00034.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.16.0-7.redhat_00034.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@2.16.0-7.redhat_00034.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.16.0-7.redhat_00034.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.16.0-7.redhat_00034.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.11-1.Final_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.11-1.Final_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan@11.0.15-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-jdbc@11.0.15-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-remote@11.0.15-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-client-hotrod@11.0.15-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-commons@11.0.15-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-component-annotations@11.0.15-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-core@11.0.15-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-commons@11.0.15-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-spi@11.0.15-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-v53@11.0.15-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.noarch",
"product_id": "eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-objectweb-asm@9.1.0-1.redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-vfs@3.2.16-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-log4j@2.17.1-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-yasson@1.0.10-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.noarch",
"product_id": "eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ecj@3.26.0-1.redhat_00002.1.el7eap?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jbossws-cxf@5.4.4-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-openssl@2.2.0-3.Final_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-openssl-java@2.2.0-3.Final_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-15.Final_redhat_00014.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-15.Final_redhat_00014.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-15.Final_redhat_00014.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"product_id": "eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.4-3.GA_redhat_00011.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk11-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk11-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"product_id": "eap7-wildfly-java-jdk11-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.4-3.GA_redhat_00011.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk8-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk8-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"product_id": "eap7-wildfly-java-jdk8-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.4-3.GA_redhat_00011.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.4-3.GA_redhat_00011.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"product_id": "eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.4-3.GA_redhat_00011.1.el7eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64",
"product": {
"name": "eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64",
"product_id": "eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-openssl-el7-x86_64@2.2.0-2.Final_redhat_00002.1.el7eap?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-openssl-el7-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64",
"product": {
"name": "eap7-wildfly-openssl-el7-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64",
"product_id": "eap7-wildfly-openssl-el7-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-openssl-el7-x86_64-debuginfo@2.2.0-2.Final_redhat_00002.1.el7eap?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.src"
},
"product_reference": "eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.src"
},
"product_reference": "eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.src"
},
"product_reference": "eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.src"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.src"
},
"product_reference": "eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.src"
},
"product_reference": "eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.src"
},
"product_reference": "eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk11-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk11-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk8-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk8-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.src"
},
"product_reference": "eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.src"
},
"product_reference": "eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64"
},
"product_reference": "eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-openssl-el7-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64"
},
"product_reference": "eap7-wildfly-openssl-el7-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-4104",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-12-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2031667"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSAppender in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if the deployed application is configured to use JMSAppender and to the attacker\u0027s JNDI LDAP endpoint.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Based on the conditions to be exploitable (see details below), the risk is much lower than Log4j 2.x and Red Hat has assessed this to be Moderate severity. This flaw has been filed for Log4j 1.x, and the corresponding flaw information for Log4j 2.x is available at: https://access.redhat.com/security/cve/CVE-2021-44228\n\nNote this flaw ONLY affects applications which are specifically configured to use JMSAppender, which is not the default, or when the attacker has write access to the Log4j configuration for adding JMSAppender to the attacker\u0027s JNDI LDAP endpoint. \n\nIf the Log4j configuration is set TopicBindingName or TopicConnectionFactoryBindingName configurations allowing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228 Log4j 2.x, Log4j 1.x is vulnerable. However, the attack vector is reduced as it depends on having write access, which is not a standard configuration rather than untrusted user input. These are sufficient factors beyond the attacker\u0027s control.\n\nThe tomcat package shipped with Red Hat Enterprise Linux does not include log4j but it does include a default configuration for log4j, log4j.properties, which could be used with tomcat if users choose to install and configure the library. The JMSAppender is not enabled by default, and the permissions of the file can only be modified as root.\n\nRed Hat Virtualization ships log4j12-1.2.17, but it is used and configured in a way which makes this flaw not possible to exploit. Therefore impact is rated Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-4104"
},
{
"category": "external",
"summary": "RHBZ#2031667",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031667"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-4104",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4104"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-4104",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4104"
},
{
"category": "external",
"summary": "https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126",
"url": "https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126"
},
{
"category": "external",
"summary": "https://github.com/apache/logging-log4j2/pull/608#issuecomment-991723301",
"url": "https://github.com/apache/logging-log4j2/pull/608#issuecomment-991723301"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/0x4zvtq92yggdgvwfgsftqrj4xx5w0nx",
"url": "https://lists.apache.org/thread/0x4zvtq92yggdgvwfgsftqrj4xx5w0nx"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2021/12/13/1",
"url": "https://www.openwall.com/lists/oss-security/2021/12/13/1"
}
],
"release_date": "2021-12-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1296"
},
{
"category": "workaround",
"details": "These are the possible mitigations for this flaw for releases version 1.x:\n\n- Comment out or remove JMSAppender in the Log4j configuration if it is used\n- Remove the JMSAppender class from the classpath. For example:\n```\nzip -q -d log4j-*.jar org/apache/log4j/net/JMSAppender.class\n```\n- Restrict access for the OS user on the platform running the application to prevent modifying the Log4j configuration by the attacker.",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender"
},
{
"cve": "CVE-2021-44832",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-12-28T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2035951"
}
],
"notes": [
{
"category": "description",
"text": "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "log4j-core: remote code execution via JDBC Appender",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Log4j 1.x is not impacted by this vulnerability. Therefore versions of log4j shipped with Red Hat Enterprise Linux are NOT affected by this flaw.\n\nFor Elasticsearch, as shipped in OpenShift Container Platform and OpenShift Logging, access to the log4j2.properties configuration is limited only to the cluster administrators and exploitation requires cluster logging changes, what reduced the impact of this vulnerability significantly [0].\n\n[0] https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476#update-jan-6-5",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-44832"
},
{
"category": "external",
"summary": "RHBZ#2035951",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035951"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-44832",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44832"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44832",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44832"
},
{
"category": "external",
"summary": "https://issues.apache.org/jira/browse/LOG4J2-3293",
"url": "https://issues.apache.org/jira/browse/LOG4J2-3293"
}
],
"release_date": "2021-12-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1296"
},
{
"category": "workaround",
"details": "As per upstream:\n- In prior releases confirm that if the JDBC Appender is being used it is not configured to use any protocol other than Java.\n- Note that only the log4j-core JAR file is impacted by this vulnerability. Applications using only the log4j-api JAR file without the log4j-core JAR file are not impacted by this vulnerability.",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "log4j-core: remote code execution via JDBC Appender"
},
{
"cve": "CVE-2021-45046",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-12-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2032580"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.16.0. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input using a JNDI Lookup pattern resulting in remote code execution (RCE) in a limited number of environments.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Although we have matched Apache\u0027s CVSS score, with the exception of the scope metric which will remain unaltered at \"unchanged\"; as we believe code execution would be at the permission levels of the running JVM and not exceeding that of the original CVE-2021-44228 flaw.\n \nWe have given this vulnerability an impact rating of Moderate, this is because of the unlikely nature of log4j lookup mapping values being derived from attacker controlled values. This is not the default configuration for end-applications using log4j 2.x and would require explicit action from a privileged user (a developer or administrator) to access the vulnerability. \nIn certain non-default configurations, it was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was insufficient.\n\nThis issue affects the log4j version between 2.0 and 2.15. Log4j 1.x is NOT impacted by this vulnerability. \n\nPrerequisites to exploit this flaw are :\n\n- A remotely accessible endpoint with any protocol (HTTP, TCP, etc) that allows an attacker to send arbitrary data,\n- A log statement in the endpoint that logs the attacker controlled data.\n- Log4j configuration file should be explicitly configured to use a non-default Pattern Layout with a Context Lookup eg. ($${ctx:loginId}) \n\nIn most cases, the mitigation suggested for CVE-2021-44228 (i.e. to set the system property `log4j2.noFormatMsgLookup` to `true) does NOT mitigate this specific vulnerability. \nLog4j 2.16.0 fixes this issue by removing support for message lookup patterns and disabling JNDI functionality by default.\n\nFor Elasticsearch, as shipped in OpenShift 3.11, the \"log4j2.formatMsgNoLookups=true\" system property mitigation is sufficient as there are no included non-standard configurations that allow for exploitation:\n\nhttps://github.com/openshift/openshift-ansible/blob/release-3.11/roles/openshift_logging_elasticsearch/templates/log4j2.properties.j2\n\nhttps://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476\n\nFor CodeReady Studio the fix for this flaw is available on CodeReady Studio 12.21.3 and above versions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-45046"
},
{
"category": "external",
"summary": "RHBZ#2032580",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2032580"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-45046",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45046"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-45046",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45046"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2021-44228",
"url": "https://access.redhat.com/security/cve/CVE-2021-44228"
},
{
"category": "external",
"summary": "https://logging.apache.org/log4j/2.x/security.html",
"url": "https://logging.apache.org/log4j/2.x/security.html"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2021/12/14/4",
"url": "https://www.openwall.com/lists/oss-security/2021/12/14/4"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2021-12-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1296"
},
{
"category": "workaround",
"details": "For Log4j versions up to and including 2.15.0, this issue can be mitigated by removing the JndiLookup class from the classpath (example: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class).",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-05-01T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Low"
}
],
"title": "log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)"
},
{
"cve": "CVE-2021-45105",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2021-12-19T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2034067"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Apache Log4j logging library 2.x. when the logging configuration uses a non-default Pattern Layout with a Context Lookup. Attackers with control over Thread Context Map (MDC) input data can craft malicious input data that contains a recursive lookup and can cause Denial of Service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security has performed an analysis of this flaw and has classified the Attack Complexity(AC) as High because there are multiple factors involved which are beyond attacker\u0027s control:\n\n- The application has to use the logging configuration using a Context Map Lookup (for example, $${ctx:loginId}) which is a non-default Pattern Layout.\n- The application developer has to use the map org.apache.logging.log4j.ThreadContext in the application code and save at-least one key (for example, ThreadContext.put(\"loginId\", \"myId\");) in the ThreadContext map object.\n- Attackers must also know this saved key name in order to exploit this flaw.\n\nNote that saving keys in this map is a non-essential usage of log4j and just an optional feature provided. Refer to https://logging.apache.org/log4j/2.x/manual/lookups.html#ContextMapLookup to know more about the Context Map Lookup feature of Log4j.\n\nLog4j 1.x is not impacted by this vulnerability. Note that only the log4j-core JAR file is impacted by this vulnerability. Applications using ONLY the log4j-api JAR file without the log4j-core JAR file are NOT impacted by this vulnerability.\n\n\nDespite including a vulnerable version of Log4j 2.x, this vulnerability is not exploitable in Elasticsearch[0], as shipped in OpenShift Container Platform and OpenShift Logging. OpenShift 3.11 specifically does not contain any context lookups:\n\nhttps://github.com/openshift/openshift-ansible/blob/release-3.11/roles/openshift_logging_elasticsearch/templates/log4j2.properties.j2\n\nThis vulnerability is therefore rated Low for Elasticsearch in OpenShift Container Platform and OpenShift Logging.\n\n[0] https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476#update-december-18-4",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-45105"
},
{
"category": "external",
"summary": "RHBZ#2034067",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034067"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-45105",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45105"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-45105",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45105"
},
{
"category": "external",
"summary": "https://issues.apache.org/jira/browse/LOG4J2-3230",
"url": "https://issues.apache.org/jira/browse/LOG4J2-3230"
},
{
"category": "external",
"summary": "https://logging.apache.org/log4j/2.x/security.html",
"url": "https://logging.apache.org/log4j/2.x/security.html"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2021/12/19/1",
"url": "https://www.openwall.com/lists/oss-security/2021/12/19/1"
}
],
"release_date": "2021-12-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1296"
},
{
"category": "workaround",
"details": "For Log4j 2 versions up to and including 2.16.0, this flaw can be mitigated by:\n- In PatternLayout in the Log4j logging configuration, replace Context Lookups like ${ctx:loginId} or $${ctx:loginId} with Thread Context Map patterns (%X, %mdc, or %MDC) like %X{loginId}.\n- Otherwise, in the Log4j logging configuration, remove references to Context Lookups like ${ctx:loginId} or $${ctx:loginId} where they originate from sources external to the application such as HTTP headers or user input.",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern"
},
{
"cve": "CVE-2022-23302",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-01-18T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2041949"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Note this flaw ONLY affects applications which are specifically configured to use JMSSink, which is not the default, or when the attacker has write access to the Log4j configuration for adding JMSSink to the attacker\u0027s JNDI LDAP endpoint.\n\nRed Hat Satellite bundles log4j-over-slf4j with Candlepin, however, product is not affected as it uses logback framework for logging.\n\nRed Hat Virtualization and OpenShift Container Platform in the OCP Metering stack (the Hive/Presto/Hadoop components) ship a vulnerable version of the log4j package, however JMSSink is not used. Therefore the impact of this vulnerability for these products is rated Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23302"
},
{
"category": "external",
"summary": "RHBZ#2041949",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041949"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23302",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23302"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23302",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23302"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2022/01/18/3",
"url": "https://www.openwall.com/lists/oss-security/2022/01/18/3"
}
],
"release_date": "2022-01-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1296"
},
{
"category": "workaround",
"details": "These are the possible mitigations for this flaw for releases version 1.x:\n\n- Comment out or remove JMSSink in the Log4j configuration if it is used\n- Remove the JMSSink class from the server\u0027s jar files. For example:\n```\nzip -q -d log4j-*.jar org/apache/log4j/net/JMSSink.class\n```\n- Restrict access for the OS user on the platform running the application to prevent modifying the Log4j configuration by the attacker.",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink"
},
{
"cve": "CVE-2022-23305",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"discovery_date": "2022-01-18T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2041959"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Java logging library Apache Log4j in version 1.x. JDBCAppender in Log4j 1.x is vulnerable to SQL injection in untrusted data. This allows a remote attacker to run SQL statements in the database if the deployed application is configured to use JDBCAppender with certain interpolation tokens.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default.\n\nRed Hat Satellite bundles log4j-over-slf4j with Candlepin, however, product is not affected as it uses logback framework for logging.\n\nRed Hat Virtualization and OpenShift Container Platform in the OCP Metering stack (the Hive/Presto/Hadoop components) ship a vulnerable version of the log4j package, however JDBCAppender is not used. Therefore the impact of this vulnerability for these products is rated Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23305"
},
{
"category": "external",
"summary": "RHBZ#2041959",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041959"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23305",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23305"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23305",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23305"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2022/01/18/4",
"url": "https://www.openwall.com/lists/oss-security/2022/01/18/4"
}
],
"release_date": "2022-01-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1296"
},
{
"category": "workaround",
"details": "These are the possible mitigations for this flaw for releases version 1.x:\n\n- Comment out or remove JDBCAppender in the Log4j configuration if it is used\n- Remove the JDBCAppender class from the server\u0027s jar files. For example:\n```\nzip -q -d log4j-*.jar org/apache/log4j/jdbc/JDBCAppender.class\n```",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender"
},
{
"cve": "CVE-2022-23307",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-01-18T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2041967"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the log4j 1.x chainsaw component, where the contents of certain log entries are deserialized and possibly permit code execution. This flaw allows an attacker to send a malicious request with serialized data to the server to be deserialized when the chainsaw component is run.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "log4j: Unsafe deserialization flaw in Chainsaw log viewer",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Chainsaw is a standalone graphical user interface for viewing log entries in log4j. This flaw may be bypassed by using other available means to access log entries.\n\nRed Hat Satellite bundles log4j-over-slf4j with Candlepin, however, product is not affected as it uses logback framework for logging.\n\nRed Hat Virtualization ships a vulnerable version of the log4j package, however chainsaw is not part of typical use cases. An attacker looking to exploit this would need to not only be able to generate a malicious log entry, but also have the necessary access and permissions to start chainsaw on the engine node. Therefore the impact of this vulnerability for Red Hat Virtualization is rated Low.\n\nSimilar to Red Hat Virtualization in OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of log4j package, however vulnerable chainsaw component is not used by default. Therefore the impact to OCP is reduced to Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23307"
},
{
"category": "external",
"summary": "RHBZ#2041967",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041967"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23307",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23307"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23307",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23307"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2022/01/18/5",
"url": "https://www.openwall.com/lists/oss-security/2022/01/18/5"
}
],
"release_date": "2022-01-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1296"
},
{
"category": "workaround",
"details": "These are the mitigations available for this flaw for log4j 1.x:\n- Avoid using Chainsaw to view logs, and instead use some other utility, especially if there is a log view available within the product itself.\n- Remove the Chainsaw classes from the log4j jar files. For example:\n```\nzip -q -d log4j-*.jar org/apache/log4j/chainsaw/*\n```\n(log4j jars may be nested in zip archives within product)",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el7eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "log4j: Unsafe deserialization flaw in Chainsaw log viewer"
}
]
}
Loading...