Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2022:0497
HistoryFeb 09, 2022 - 1:03 p.m.

(RHSA-2022:0497) Important: Red Hat JBoss Data Virtualization 6.4.8.SP1 security update

2022-02-0913:03:14
access.redhat.com
67

0.794 High

EPSS

Percentile

98.3%

JSON

Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems - such as multiple databases, XML files, and even Hadoop systems - appear as a set of tables in a local database.

This Service Pack release of Red Hat JBoss Data Virtualization 6.4.8.SP1 (Service Pack 1) serves as a replacement for Red Hat JBoss Data Virtualization 6.4.8, and mitigates the impact of the log4j CVE’s referenced in this document by removing the affected classes from the patch.

Note: customers should update their EAP 6.4 installation with the corresponding security fixes that have been released for that (see RHSA-2022:0437 and https://access.redhat.com/site/solutions/625683)

Security Fix(es):

  • log4j: deserialization of untrusted data in SocketServer (CVE-2019-17571)

  • log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender (CVE-2022-23305)

  • log4j: Unsafe deserialization flaw in Chainsaw log viewer (CVE-2022-23307)

  • log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender (CVE-2021-4104)

  • log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink (CVE-2022-23302)

  • log4j: improper validation of certificate with host mismatch in SMTP appender (CVE-2020-9488)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Related

redhat 32
ibm 34
nessus 45
openvas 20
ubuntu 1
osv 12
rocky 1
debian 2
oraclelinux 3
almalinux 1
suse 5
atlassian 8
mageia 1
gentoo 1
amazon 4
centos 1
rosalinux 1
nvd 3
cve 2
github 3
f5 3
cvelist 2
cloudlinux 2
ubuntucve 3
debiancve 3
prion 3
attackerkb 1
veracode 2
redhat
redhat
(RHSA-2022:0507) Important: Red Hat JBoss Data Virtualization 6.4.8.SP2 security update
2022-02-10 17:22:10
(RHSA-2022:0527) Low: Red Hat JBoss Web Server 3.1 Service Pack 14 security update
2022-02-14 17:25:44
(RHSA-2022:0290) Important: parfait:0.5 security update
2022-01-26 14:27:19
ibm
ibm
Security Bulletin: IBM InfoSphere Information Server may be affected by vulnerabilities in Apache log4j 1.x version
2022-10-14 22:13:39
Security Bulletin: IBM Sterling Order Management migration strategy to Apache Log4j vulnerability (see CVEs below)
2022-10-20 18:18:17
IBM Sterling B2B Integrator and Sterling Filegateway NOT Affected by CVE-2021-4104, CVE-2021- 44832, CVE-2019-17571, CVE-2022-23307, CVE-2022-23305, CVE-2022-23302 and CVE-2020-9488 Exploit
2022-03-03 20:50:59
nessus
nessus
GLSA-202402-16 : Apache Log4j: Multiple Vulnerabilities
2024-02-18 00:00:00
Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS : Apache Log4j vulnerabilities (USN-5998-1)
2023-04-06 00:00:00
RHEL 7 : Red Hat JBoss Web Server 3.1 Service Pack 14 Security Update (Low) (RHSA-2022:0524)
2022-02-14 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-5998-1)
2023-04-06 00:00:00
ILIAS < 5.4.26, 6.x < 6.14, 7.x < 7.5 ilServer Multiple Log4j Vulnerabilities
2022-01-28 00:00:00
Debian: Security Advisory (DLA-2905-1)
2022-02-01 00:00:00
ubuntu
ubuntu
Apache Log4j vulnerabilities
2023-04-05 00:00:00
osv
osv
Important: parfait:0.5 security update
2022-01-26 14:27:19
Important: parfait:0.5 security update
2022-01-26 14:27:19
apache-log4j1.2 - security update
2022-01-31 00:00:00
rocky
rocky
parfait:0.5 security update
2022-01-26 14:27:19
debian
debian
[SECURITY] [DLA 2905-1] apache-log4j1.2 security update
2022-01-31 14:24:44
[SECURITY] [DLA 2065-1] apache-log4j1.2 security update
2020-01-12 22:27:19
oraclelinux
oraclelinux
parfait:0.5 security update
2022-01-27 00:00:00
log4j security update
2022-02-08 00:00:00
log4j security update
2022-05-23 00:00:00
almalinux
almalinux
Important: parfait:0.5 security update
2022-01-26 14:27:19
suse
suse
Security update for kafka (important)
2022-02-16 00:00:00
Security update for kafka (important)
2022-02-17 00:00:00
Security update for log4j12 (important)
2022-01-28 00:00:00
atlassian
atlassian
Jira: Multiple vulnerabilities in log4j < 1.2.17-atlassian-16
2022-06-06 12:49:38
Crowd: Multiple vulnerabilities in log4j < 1.2.7-atlassian-16
2022-05-18 08:53:01
Confluence: Multiple vulnerabilities in log4j < 1.2.7-atlassian-16
2022-06-01 07:36:00
mageia
mageia
Updated davmail packages fix security vulnerability
2023-04-15 22:03:44
gentoo
gentoo
Apache Log4j: Multiple Vulnerabilities
2024-02-18 00:00:00
amazon
amazon
Important: log4j
2023-03-30 22:50:00
Important: log4j
2022-02-15 22:54:00
Important: log4j
2022-01-18 20:15:00
centos
centos
log4j security update
2022-02-07 16:47:44
rosalinux
rosalinux
Advisory ROSA-SA-2021-1909
2021-07-02 17:26:24
nvd
nvd
CVE-2022-23302
2022-01-18 16:15:08
CVE-2019-17571
2019-12-20 17:15:11
CVE-2020-9488
2020-04-27 16:15:12
cve
cve
CVE-2022-23302
2022-01-18 16:15:08
CVE-2020-9488
2020-04-27 16:15:12
github
github
Deserialization of Untrusted Data in Log4j 1.x
2022-01-21 23:27:14
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender
2020-06-05 14:15:51
Deserialization of Untrusted Data in Log4j
2020-01-06 18:43:49
f5
f5
K59563964 : Apache Log4j Remote Code Execution vulnerability CVE-2022-23302
2022-01-31 00:00:00
K34002344 : Overview of Log4j vulnerabilities (2021 and 2022)
2022-02-01 00:00:00
K61529042 : Log4j vulnerability CVE-2019-17571
2020-04-08 00:00:00
cvelist
cvelist
CVE-2022-23302 Deserialization of untrusted data in JMSSink in Apache Log4j 1.x
2022-01-18 15:25:20
CVE-2020-9488
2020-04-27 15:36:10
cloudlinux
cloudlinux
Fix of CVE: CVE-2022-23307, CVE-2022-23302
2022-02-10 13:49:32
Fixed CVE-2019-17571 in log4j
2022-06-21 20:23:31
ubuntucve
ubuntucve
CVE-2022-23302
2022-01-18 00:00:00
CVE-2019-17571
2019-12-20 00:00:00
CVE-2020-9488
2020-04-27 00:00:00
debiancve
debiancve
CVE-2022-23302
2022-01-18 16:15:08
CVE-2019-17571
2019-12-20 17:15:11
CVE-2020-9488
2020-04-27 16:15:12
prion
prion
Deserialization of untrusted data
2022-01-18 16:15:00
Deserialization of untrusted data
2019-12-20 17:15:00
Input validation
2020-04-27 16:15:00
attackerkb
attackerkb
CVE-2019-17571
2019-12-20 00:00:00
veracode
veracode
Arbitrary Code Execution
2019-12-23 04:57:47
Improper Validation Of Certificate
2020-04-28 07:08:30

0.794 High

EPSS

Percentile

98.3%

JSON
Related for RHSA-2022:0497
redhat32ibm34nessus45openvas20ubuntu1osv12rocky1debian2oraclelinux3almalinux1suse5atlassian8mageia1gentoo1amazon4centos1rosalinux1nvd3cve2github3f53cvelist2cloudlinux2ubuntucve3debiancve3prion3attackerkb1veracode2