rhsa-2022_1297
Vulnerability from csaf_redhat
Published
2022-04-11 13:00
Modified
2024-11-26 02:52
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.4 security update
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.4.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.3 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.4 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender (CVE-2022-23305)
* log4j: Unsafe deserialization flaw in Chainsaw log viewer (CVE-2022-23307)
* log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender (CVE-2021-4104)
* log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)
* log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228) (CVE-2021-45046)
* log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern (CVE-2021-45105)
* log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink (CVE-2022-23302)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Low" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.3 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.4 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender (CVE-2022-23305)\n\n* log4j: Unsafe deserialization flaw in Chainsaw log viewer (CVE-2022-23307)\n\n* log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender (CVE-2021-4104)\n\n* log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)\n\n* log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228) (CVE-2021-45046)\n\n* log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern (CVE-2021-45105)\n\n* log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink (CVE-2022-23302)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:1297", "url": "https://access.redhat.com/errata/RHSA-2022:1297" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#low", "url": "https://access.redhat.com/security/updates/classification/#low" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/" }, { "category": "external", "summary": "2031667", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031667" }, { "category": "external", "summary": "2032580", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2032580" }, { "category": "external", "summary": "2034067", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034067" }, { "category": "external", "summary": "2035951", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035951" }, { "category": "external", "summary": "2041949", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041949" }, { "category": "external", "summary": "2041959", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041959" }, { "category": "external", "summary": "2041967", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041967" }, { "category": "external", "summary": "JBEAP-22105", "url": "https://issues.redhat.com/browse/JBEAP-22105" }, { "category": "external", "summary": "JBEAP-22385", "url": "https://issues.redhat.com/browse/JBEAP-22385" }, { "category": "external", "summary": "JBEAP-22731", "url": "https://issues.redhat.com/browse/JBEAP-22731" }, { "category": "external", "summary": "JBEAP-22738", "url": "https://issues.redhat.com/browse/JBEAP-22738" }, { "category": "external", "summary": "JBEAP-22819", "url": "https://issues.redhat.com/browse/JBEAP-22819" }, { "category": "external", "summary": "JBEAP-22839", "url": "https://issues.redhat.com/browse/JBEAP-22839" }, { "category": "external", "summary": "JBEAP-22864", "url": "https://issues.redhat.com/browse/JBEAP-22864" }, { "category": "external", "summary": "JBEAP-22900", "url": "https://issues.redhat.com/browse/JBEAP-22900" }, { "category": "external", "summary": "JBEAP-22904", "url": "https://issues.redhat.com/browse/JBEAP-22904" }, { "category": "external", "summary": "JBEAP-22911", "url": "https://issues.redhat.com/browse/JBEAP-22911" }, { "category": "external", "summary": "JBEAP-22912", "url": "https://issues.redhat.com/browse/JBEAP-22912" }, { "category": "external", "summary": "JBEAP-22913", "url": "https://issues.redhat.com/browse/JBEAP-22913" }, { "category": "external", "summary": "JBEAP-22935", "url": "https://issues.redhat.com/browse/JBEAP-22935" }, { "category": "external", "summary": "JBEAP-22945", "url": "https://issues.redhat.com/browse/JBEAP-22945" }, { "category": "external", "summary": "JBEAP-22973", "url": "https://issues.redhat.com/browse/JBEAP-22973" }, { "category": "external", "summary": "JBEAP-23038", "url": "https://issues.redhat.com/browse/JBEAP-23038" }, { "category": "external", "summary": "JBEAP-23040", "url": "https://issues.redhat.com/browse/JBEAP-23040" }, { "category": "external", "summary": "JBEAP-23045", "url": "https://issues.redhat.com/browse/JBEAP-23045" }, { "category": "external", "summary": "JBEAP-23101", "url": "https://issues.redhat.com/browse/JBEAP-23101" }, { "category": "external", "summary": "JBEAP-23105", "url": "https://issues.redhat.com/browse/JBEAP-23105" }, { "category": "external", "summary": "JBEAP-23143", "url": "https://issues.redhat.com/browse/JBEAP-23143" }, { "category": "external", "summary": "JBEAP-23177", "url": "https://issues.redhat.com/browse/JBEAP-23177" }, { "category": "external", "summary": "JBEAP-23323", "url": "https://issues.redhat.com/browse/JBEAP-23323" }, { "category": "external", "summary": "JBEAP-23373", "url": "https://issues.redhat.com/browse/JBEAP-23373" }, { "category": "external", "summary": "JBEAP-23374", "url": "https://issues.redhat.com/browse/JBEAP-23374" }, { "category": "external", "summary": "JBEAP-23375", "url": "https://issues.redhat.com/browse/JBEAP-23375" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_1297.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.4 security update", "tracking": { "current_release_date": "2024-11-26T02:52:57+00:00", "generator": { "date": "2024-11-26T02:52:57+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2022:1297", "initial_release_date": "2022-04-11T13:00:18+00:00", "revision_history": [ { "date": "2022-04-11T13:00:18+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-04-11T13:00:18+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-26T02:52:57+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss EAP 7.4 for RHEL 8", "product": { "name": "Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.6-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.src", "product": { "name": "eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.src", "product_id": "eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-xom@1.3.7-1.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.9-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.2.16-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.src", "product": { "name": "eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.src", "product_id": "eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.25-1.Final_redhat_00002.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana@5.11.4-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.src", "product": { "name": "eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.src", "product_id": "eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-7.redhat_00034.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.src", "product": { "name": "eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.src", "product_id": "eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.11-1.Final_redhat_00002.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.src", "product": { "name": "eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.src", "product_id": "eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-objectweb-asm@9.1.0-1.redhat_00002.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan@11.0.15-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.src", "product": { "name": "eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.src", "product_id": "eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-log4j@2.17.1-1.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-vfs@3.2.16-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.src", "product": { "name": "eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.src", "product_id": "eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-yasson@1.0.10-1.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.src", "product": { "name": "eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.src", "product_id": "eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ecj@3.26.0-1.redhat_00002.1.el8eap?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jbossws-cxf@5.4.4-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.src", "product": { "name": "eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.src", "product_id": "eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl@2.2.0-3.Final_redhat_00002.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.src", "product": { "name": "eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.src", "product_id": "eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl-el8-x86_64@2.2.0-2.Final_redhat_00002.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.src", "product": { "name": "eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.src", "product_id": "eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-15.Final_redhat_00014.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.src", "product": { "name": "eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.src", "product_id": "eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.4-3.GA_redhat_00011.1.el8eap?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.6-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-xom@1.3.7-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.9-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.2.16-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "product_id": "eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.25-1.Final_redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "product_id": "eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.25-1.Final_redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "product_id": "eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.25-1.Final_redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "product_id": "eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.25-1.Final_redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "product_id": "eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.25-1.Final_redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana@5.11.4-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-compensations@5.11.4-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-jbosstxbridge@5.11.4-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-jbossxts@5.11.4-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-jts-idlj@5.11.4-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-jts-integration@5.11.4-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-restat-api@5.11.4-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-restat-bridge@5.11.4-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-restat-integration@5.11.4-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-restat-util@5.11.4-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-txframework@5.11.4-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-7.redhat_00034.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.16.0-7.redhat_00034.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.16.0-7.redhat_00034.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.16.0-7.redhat_00034.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.16.0-7.redhat_00034.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.16.0-7.redhat_00034.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.16.0-7.redhat_00034.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.16.0-7.redhat_00034.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.16.0-7.redhat_00034.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.16.0-7.redhat_00034.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.16.0-7.redhat_00034.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.16.0-7.redhat_00034.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.16.0-7.redhat_00034.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@2.16.0-7.redhat_00034.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.16.0-7.redhat_00034.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.16.0-7.redhat_00034.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "product_id": "eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.11-1.Final_redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "product_id": "eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.11-1.Final_redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.noarch", "product_id": "eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-objectweb-asm@9.1.0-1.redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan@11.0.15-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-jdbc@11.0.15-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-remote@11.0.15-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-client-hotrod@11.0.15-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-commons@11.0.15-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-component-annotations@11.0.15-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-core@11.0.15-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-commons@11.0.15-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-spi@11.0.15-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-v53@11.0.15-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-log4j@2.17.1-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-vfs@3.2.16-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-yasson@1.0.10-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.noarch", "product_id": "eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ecj@3.26.0-1.redhat_00002.1.el8eap?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jbossws-cxf@5.4.4-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "product_id": "eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl@2.2.0-3.Final_redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "product_id": "eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl-java@2.2.0-3.Final_redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-15.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-15.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-15.Final_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "product": { "name": "eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "product_id": "eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.4-3.GA_redhat_00011.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "product": { "name": "eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "product_id": "eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.4-3.GA_redhat_00011.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "product": { "name": "eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "product_id": "eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.4-3.GA_redhat_00011.1.el8eap?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "product": { "name": "eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "product_id": "eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl-el8-x86_64@2.2.0-2.Final_redhat_00002.1.el8eap?arch=x86_64" } } }, { "category": "product_version", "name": "eap7-wildfly-openssl-el8-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "product": { "name": "eap7-wildfly-openssl-el8-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "product_id": "eap7-wildfly-openssl-el8-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl-el8-x86_64-debuginfo@2.2.0-2.Final_redhat_00002.1.el8eap?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.src" }, "product_reference": "eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.src" }, "product_reference": "eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.src" }, "product_reference": "eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.src" }, "product_reference": "eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.src" }, "product_reference": "eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.src" }, "product_reference": "eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.src" }, "product_reference": "eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.src" }, "product_reference": "eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.src" }, "product_reference": "eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64" }, "product_reference": "eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-el8-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64" }, "product_reference": "eap7-wildfly-openssl-el8-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-4104", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-12-13T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2031667" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSAppender in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if the deployed application is configured to use JMSAppender and to the attacker\u0027s JNDI LDAP endpoint.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender", "title": "Vulnerability summary" }, { "category": "other", "text": "Based on the conditions to be exploitable (see details below), the risk is much lower than Log4j 2.x and Red Hat has assessed this to be Moderate severity. This flaw has been filed for Log4j 1.x, and the corresponding flaw information for Log4j 2.x is available at: https://access.redhat.com/security/cve/CVE-2021-44228\n\nNote this flaw ONLY affects applications which are specifically configured to use JMSAppender, which is not the default, or when the attacker has write access to the Log4j configuration for adding JMSAppender to the attacker\u0027s JNDI LDAP endpoint. \n\nIf the Log4j configuration is set TopicBindingName or TopicConnectionFactoryBindingName configurations allowing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228 Log4j 2.x, Log4j 1.x is vulnerable. However, the attack vector is reduced as it depends on having write access, which is not a standard configuration rather than untrusted user input. These are sufficient factors beyond the attacker\u0027s control.\n\nThe tomcat package shipped with Red Hat Enterprise Linux does not include log4j but it does include a default configuration for log4j, log4j.properties, which could be used with tomcat if users choose to install and configure the library. The JMSAppender is not enabled by default, and the permissions of the file can only be modified as root.\n\nRed Hat Virtualization ships log4j12-1.2.17, but it is used and configured in a way which makes this flaw not possible to exploit. Therefore impact is rated Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.src" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-4104" }, { "category": "external", "summary": "RHBZ#2031667", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031667" }, { "category": "external", "summary": "RHSB-2021-009", "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-4104", "url": "https://www.cve.org/CVERecord?id=CVE-2021-4104" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-4104", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4104" }, { "category": "external", "summary": "https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126", "url": "https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126" }, { "category": "external", "summary": "https://github.com/apache/logging-log4j2/pull/608#issuecomment-991723301", "url": "https://github.com/apache/logging-log4j2/pull/608#issuecomment-991723301" }, { "category": "external", "summary": "https://lists.apache.org/thread/0x4zvtq92yggdgvwfgsftqrj4xx5w0nx", "url": "https://lists.apache.org/thread/0x4zvtq92yggdgvwfgsftqrj4xx5w0nx" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2021/12/13/1", "url": "https://www.openwall.com/lists/oss-security/2021/12/13/1" } ], "release_date": "2021-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-11T13:00:18+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1297" }, { "category": "workaround", "details": "These are the possible mitigations for this flaw for releases version 1.x:\n\n- Comment out or remove JMSAppender in the Log4j configuration if it is used\n- Remove the JMSAppender class from the classpath. For example:\n```\nzip -q -d log4j-*.jar org/apache/log4j/net/JMSAppender.class\n```\n- Restrict access for the OS user on the platform running the application to prevent modifying the Log4j configuration by the attacker.", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender" }, { "cve": "CVE-2021-44832", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-12-28T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2035951" } ], "notes": [ { "category": "description", "text": "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j-core: remote code execution via JDBC Appender", "title": "Vulnerability summary" }, { "category": "other", "text": "Log4j 1.x is not impacted by this vulnerability. Therefore versions of log4j shipped with Red Hat Enterprise Linux are NOT affected by this flaw.\n\nFor Elasticsearch, as shipped in OpenShift Container Platform and OpenShift Logging, access to the log4j2.properties configuration is limited only to the cluster administrators and exploitation requires cluster logging changes, what reduced the impact of this vulnerability significantly [0].\n\n[0] https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476#update-jan-6-5", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.src" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44832" }, { "category": "external", "summary": "RHBZ#2035951", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035951" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44832", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44832" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44832", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44832" }, { "category": "external", "summary": "https://issues.apache.org/jira/browse/LOG4J2-3293", "url": "https://issues.apache.org/jira/browse/LOG4J2-3293" } ], "release_date": "2021-12-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-11T13:00:18+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1297" }, { "category": "workaround", "details": "As per upstream:\n- In prior releases confirm that if the JDBC Appender is being used it is not configured to use any protocol other than Java.\n- Note that only the log4j-core JAR file is impacted by this vulnerability. Applications using only the log4j-api JAR file without the log4j-core JAR file are not impacted by this vulnerability.", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "log4j-core: remote code execution via JDBC Appender" }, { "cve": "CVE-2021-45046", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-12-14T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2032580" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.16.0. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input using a JNDI Lookup pattern resulting in remote code execution (RCE) in a limited number of environments.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)", "title": "Vulnerability summary" }, { "category": "other", "text": "Although we have matched Apache\u0027s CVSS score, with the exception of the scope metric which will remain unaltered at \"unchanged\"; as we believe code execution would be at the permission levels of the running JVM and not exceeding that of the original CVE-2021-44228 flaw.\n \nWe have given this vulnerability an impact rating of Moderate, this is because of the unlikely nature of log4j lookup mapping values being derived from attacker controlled values. This is not the default configuration for end-applications using log4j 2.x and would require explicit action from a privileged user (a developer or administrator) to access the vulnerability. \nIn certain non-default configurations, it was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was insufficient.\n\nThis issue affects the log4j version between 2.0 and 2.15. Log4j 1.x is NOT impacted by this vulnerability. \n\nPrerequisites to exploit this flaw are :\n\n- A remotely accessible endpoint with any protocol (HTTP, TCP, etc) that allows an attacker to send arbitrary data,\n- A log statement in the endpoint that logs the attacker controlled data.\n- Log4j configuration file should be explicitly configured to use a non-default Pattern Layout with a Context Lookup eg. ($${ctx:loginId}) \n\nIn most cases, the mitigation suggested for CVE-2021-44228 (i.e. to set the system property `log4j2.noFormatMsgLookup` to `true) does NOT mitigate this specific vulnerability. \nLog4j 2.16.0 fixes this issue by removing support for message lookup patterns and disabling JNDI functionality by default.\n\nFor Elasticsearch, as shipped in OpenShift 3.11, the \"log4j2.formatMsgNoLookups=true\" system property mitigation is sufficient as there are no included non-standard configurations that allow for exploitation:\n\nhttps://github.com/openshift/openshift-ansible/blob/release-3.11/roles/openshift_logging_elasticsearch/templates/log4j2.properties.j2\n\nhttps://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476\n\nFor CodeReady Studio the fix for this flaw is available on CodeReady Studio 12.21.3 and above versions.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.src" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-45046" }, { "category": "external", "summary": "RHBZ#2032580", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2032580" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-45046", "url": "https://www.cve.org/CVERecord?id=CVE-2021-45046" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-45046", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45046" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2021-44228", "url": "https://access.redhat.com/security/cve/CVE-2021-44228" }, { "category": "external", "summary": "https://logging.apache.org/log4j/2.x/security.html", "url": "https://logging.apache.org/log4j/2.x/security.html" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2021/12/14/4", "url": "https://www.openwall.com/lists/oss-security/2021/12/14/4" }, { "category": "external", "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog" } ], "release_date": "2021-12-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-11T13:00:18+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1297" }, { "category": "workaround", "details": "For Log4j versions up to and including 2.15.0, this issue can be mitigated by removing the JndiLookup class from the classpath (example: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class).", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "exploit_status", "date": "2023-05-01T00:00:00+00:00", "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog" }, { "category": "impact", "details": "Low" } ], "title": "log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)" }, { "cve": "CVE-2021-45105", "cwe": { "id": "CWE-674", "name": "Uncontrolled Recursion" }, "discovery_date": "2021-12-19T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2034067" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Apache Log4j logging library 2.x. when the logging configuration uses a non-default Pattern Layout with a Context Lookup. Attackers with control over Thread Context Map (MDC) input data can craft malicious input data that contains a recursive lookup and can cause Denial of Service.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security has performed an analysis of this flaw and has classified the Attack Complexity(AC) as High because there are multiple factors involved which are beyond attacker\u0027s control:\n\n- The application has to use the logging configuration using a Context Map Lookup (for example, $${ctx:loginId}) which is a non-default Pattern Layout.\n- The application developer has to use the map org.apache.logging.log4j.ThreadContext in the application code and save at-least one key (for example, ThreadContext.put(\"loginId\", \"myId\");) in the ThreadContext map object.\n- Attackers must also know this saved key name in order to exploit this flaw.\n\nNote that saving keys in this map is a non-essential usage of log4j and just an optional feature provided. Refer to https://logging.apache.org/log4j/2.x/manual/lookups.html#ContextMapLookup to know more about the Context Map Lookup feature of Log4j.\n\nLog4j 1.x is not impacted by this vulnerability. Note that only the log4j-core JAR file is impacted by this vulnerability. Applications using ONLY the log4j-api JAR file without the log4j-core JAR file are NOT impacted by this vulnerability.\n\n\nDespite including a vulnerable version of Log4j 2.x, this vulnerability is not exploitable in Elasticsearch[0], as shipped in OpenShift Container Platform and OpenShift Logging. OpenShift 3.11 specifically does not contain any context lookups:\n\nhttps://github.com/openshift/openshift-ansible/blob/release-3.11/roles/openshift_logging_elasticsearch/templates/log4j2.properties.j2\n\nThis vulnerability is therefore rated Low for Elasticsearch in OpenShift Container Platform and OpenShift Logging.\n\n[0] https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476#update-december-18-4", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.src" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-45105" }, { "category": "external", "summary": "RHBZ#2034067", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034067" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-45105", "url": "https://www.cve.org/CVERecord?id=CVE-2021-45105" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-45105", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45105" }, { "category": "external", "summary": "https://issues.apache.org/jira/browse/LOG4J2-3230", "url": "https://issues.apache.org/jira/browse/LOG4J2-3230" }, { "category": "external", "summary": "https://logging.apache.org/log4j/2.x/security.html", "url": "https://logging.apache.org/log4j/2.x/security.html" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2021/12/19/1", "url": "https://www.openwall.com/lists/oss-security/2021/12/19/1" } ], "release_date": "2021-12-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-11T13:00:18+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1297" }, { "category": "workaround", "details": "For Log4j 2 versions up to and including 2.16.0, this flaw can be mitigated by:\n- In PatternLayout in the Log4j logging configuration, replace Context Lookups like ${ctx:loginId} or $${ctx:loginId} with Thread Context Map patterns (%X, %mdc, or %MDC) like %X{loginId}.\n- Otherwise, in the Log4j logging configuration, remove references to Context Lookups like ${ctx:loginId} or $${ctx:loginId} where they originate from sources external to the application such as HTTP headers or user input.", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern" }, { "cve": "CVE-2022-23302", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-18T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2041949" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink", "title": "Vulnerability summary" }, { "category": "other", "text": "Note this flaw ONLY affects applications which are specifically configured to use JMSSink, which is not the default, or when the attacker has write access to the Log4j configuration for adding JMSSink to the attacker\u0027s JNDI LDAP endpoint.\n\nRed Hat Satellite bundles log4j-over-slf4j with Candlepin, however, product is not affected as it uses logback framework for logging.\n\nRed Hat Virtualization and OpenShift Container Platform in the OCP Metering stack (the Hive/Presto/Hadoop components) ship a vulnerable version of the log4j package, however JMSSink is not used. Therefore the impact of this vulnerability for these products is rated Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.src" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23302" }, { "category": "external", "summary": "RHBZ#2041949", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041949" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23302", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23302" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23302", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23302" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2022/01/18/3", "url": "https://www.openwall.com/lists/oss-security/2022/01/18/3" } ], "release_date": "2022-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-11T13:00:18+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1297" }, { "category": "workaround", "details": "These are the possible mitigations for this flaw for releases version 1.x:\n\n- Comment out or remove JMSSink in the Log4j configuration if it is used\n- Remove the JMSSink class from the server\u0027s jar files. For example:\n```\nzip -q -d log4j-*.jar org/apache/log4j/net/JMSSink.class\n```\n- Restrict access for the OS user on the platform running the application to prevent modifying the Log4j configuration by the attacker.", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink" }, { "cve": "CVE-2022-23305", "cwe": { "id": "CWE-89", "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)" }, "discovery_date": "2022-01-18T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2041959" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Java logging library Apache Log4j in version 1.x. JDBCAppender in Log4j 1.x is vulnerable to SQL injection in untrusted data. This allows a remote attacker to run SQL statements in the database if the deployed application is configured to use JDBCAppender with certain interpolation tokens.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender", "title": "Vulnerability summary" }, { "category": "other", "text": "Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default.\n\nRed Hat Satellite bundles log4j-over-slf4j with Candlepin, however, product is not affected as it uses logback framework for logging.\n\nRed Hat Virtualization and OpenShift Container Platform in the OCP Metering stack (the Hive/Presto/Hadoop components) ship a vulnerable version of the log4j package, however JDBCAppender is not used. Therefore the impact of this vulnerability for these products is rated Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.src" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23305" }, { "category": "external", "summary": "RHBZ#2041959", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041959" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23305", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23305" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23305", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23305" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2022/01/18/4", "url": "https://www.openwall.com/lists/oss-security/2022/01/18/4" } ], "release_date": "2022-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-11T13:00:18+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1297" }, { "category": "workaround", "details": "These are the possible mitigations for this flaw for releases version 1.x:\n\n- Comment out or remove JDBCAppender in the Log4j configuration if it is used\n- Remove the JDBCAppender class from the server\u0027s jar files. For example:\n```\nzip -q -d log4j-*.jar org/apache/log4j/jdbc/JDBCAppender.class\n```", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender" }, { "cve": "CVE-2022-23307", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-18T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2041967" } ], "notes": [ { "category": "description", "text": "A flaw was found in the log4j 1.x chainsaw component, where the contents of certain log entries are deserialized and possibly permit code execution. This flaw allows an attacker to send a malicious request with serialized data to the server to be deserialized when the chainsaw component is run.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j: Unsafe deserialization flaw in Chainsaw log viewer", "title": "Vulnerability summary" }, { "category": "other", "text": "Chainsaw is a standalone graphical user interface for viewing log entries in log4j. This flaw may be bypassed by using other available means to access log entries.\n\nRed Hat Satellite bundles log4j-over-slf4j with Candlepin, however, product is not affected as it uses logback framework for logging.\n\nRed Hat Virtualization ships a vulnerable version of the log4j package, however chainsaw is not part of typical use cases. An attacker looking to exploit this would need to not only be able to generate a malicious log entry, but also have the necessary access and permissions to start chainsaw on the engine node. Therefore the impact of this vulnerability for Red Hat Virtualization is rated Low.\n\nSimilar to Red Hat Virtualization in OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of log4j package, however vulnerable chainsaw component is not used by default. Therefore the impact to OCP is reduced to Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.src" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23307" }, { "category": "external", "summary": "RHBZ#2041967", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041967" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23307", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23307" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23307", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23307" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2022/01/18/5", "url": "https://www.openwall.com/lists/oss-security/2022/01/18/5" } ], "release_date": "2022-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-11T13:00:18+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1297" }, { "category": "workaround", "details": "These are the mitigations available for this flaw for log4j 1.x:\n- Avoid using Chainsaw to view logs, and instead use some other utility, especially if there is a log view available within the product itself.\n- Remove the Chainsaw classes from the log4j jar files. For example:\n```\nzip -q -d log4j-*.jar org/apache/log4j/chainsaw/*\n```\n(log4j jars may be nested in zip archives within product)", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-7.redhat_00034.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-7.redhat_00034.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.25-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.25-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-15.Final_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-15.Final_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.4-3.GA_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.11-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.11-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.4-3.GA_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.0-3.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-debuginfo-0:2.2.0-2.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.0-3.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el8eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "log4j: Unsafe deserialization flaw in Chainsaw log viewer" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.