RHSA-2022:0216LowCVSS 8.1
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4 security update
🔗 CVE IDs covered (3)
📋 Description
CVE-2021-44832 — log4j-core: remote code execution via JDBC Appender CVE-2021-45046 — log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228) CVE-2021-45105 — log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern
🔗 References (11)
- selfhttps://access.redhat.com/errata/RHSA-2022:0216
- externalhttps://access.redhat.com/security/updates/classification/#low
- externalhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=appplatform&version=7.4
- externalhttps://access.redhat.com/security/vulnerabilities/RHSB-2021-009
- externalhttps://access.redhat.com/solutions/6577421
- externalhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/
- externalhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2032580
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2034067
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2035951
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0216.json