Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2022:1299
HistoryApr 11, 2022 - 12:57 p.m.

(RHSA-2022:1299) Low: Red Hat JBoss Enterprise Application Platform 7.4.4 security update

2022-04-1112:57:11
access.redhat.com
97

0.976 High

EPSS

Percentile

100.0%

JSON

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.

This release of Red Hat JBoss Enterprise Application Platform 7.4.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.3 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.4 Release Notes for information about the most significant bug fixes and enhancements included in this release.

Security Fix(es):

  • log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender (CVE-2022-23305)

  • log4j: Unsafe deserialization flaw in Chainsaw log viewer (CVE-2022-23307)

  • log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender (CVE-2021-4104)

  • log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)

  • log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228) (CVE-2021-45046)

  • log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern (CVE-2021-45105)

  • log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink (CVE-2022-23302)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Related

redhat 30
nessus 34
f5 1
githubexploit 7
qualysblog 3
thn 3
ibm 81
rapid7blog 1
arista 1
osv 4
rocky 1
debian 1
suse 4
openvas 12
oraclelinux 2
cisco 1
github 2
paloalto 1
citrix 1
almalinux 1
checkpoint_security 1
centos 1
atlassian 2
amazon 2
hivepro 1
trellix 1
redhat
redhat
(RHSA-2022:1297) Low: Red Hat JBoss Enterprise Application Platform 7.4.4 security update
2022-04-11 12:43:59
(RHSA-2022:1296) Low: Red Hat JBoss Enterprise Application Platform 7.4.4 security update
2022-04-11 12:43:56
(RHSA-2022:0527) Low: Red Hat JBoss Web Server 3.1 Service Pack 14 security update
2022-02-14 17:25:44
nessus
nessus
RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.4.4 (RHSA-2022:1296)
2022-04-12 00:00:00
RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.4.4 (RHSA-2022:1297)
2022-04-12 00:00:00
RHEL 7 : Red Hat JBoss Web Server 3.1 Service Pack 14 Security Update (Low) (RHSA-2022:0524)
2022-02-14 00:00:00
f5
f5
K34002344 : Overview of Log4j vulnerabilities (2021 and 2022)
2022-02-01 00:00:00
githubexploit
githubexploit
Exploit for Deserialization of Untrusted Data in Apache Log4J
2021-12-13 07:24:02
Exploit for Deserialization of Untrusted Data in Apache Log4J
2021-12-13 07:24:02
Exploit for Deserialization of Untrusted Data in Apache Log4J
2021-12-13 07:24:02
qualysblog
qualysblog
Is Your Web Application Exploitable By Log4Shell Vulnerability?
2021-12-15 17:06:36
New Options Profiles for Log4Shell Detection
2021-12-20 17:33:11
CVE-2021-44228: Apache Log4j2 Zero-Day Exploited in the Wild (Log4Shell)
2021-12-10 19:30:11
thn
thn
New Apache Log4j Update Released to Patch Newly Discovered Vulnerability
2021-12-29 04:59:00
Microsoft Warns of Continued Attacks Exploiting Apache Log4j Vulnerabilities
2022-01-05 05:12:00
New Local Attack Vector Expands the Attack Surface of Log4j Vulnerability
2021-12-18 12:18:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in Apache Log4j affect the IBM WebSphere Application Server and IBM Security Guardium Key Lifecycle Manager (CVE-2021-4104, CVE-2021-45046, CVE-2021-45105 and CVE-2021-44832)
2022-05-04 12:55:51
Security Bulletin: Vulnerability in Apache Log4j affects some features of IBM® Db2® (CVE-2021-4104)
2022-06-07 14:36:22
Security Bulletin: Multiple vulnerabilities in Apache Log4j affects some features of IBM® Db2® (CVE-2021-45046, CVE-2021-45105)
2022-11-11 17:20:42
rapid7blog
rapid7blog
Widespread Exploitation of Critical Remote Code Execution in Apache Log4j
2021-12-10 15:30:00
arista
arista
Security Advisory 0070
2022-05-20 00:00:00
osv
osv
Important: parfait:0.5 security update
2022-01-26 14:27:19
Important: parfait:0.5 security update
2022-01-26 14:27:19
apache-log4j1.2 - security update
2022-01-31 00:00:00
rocky
rocky
parfait:0.5 security update
2022-01-26 14:27:19
debian
debian
[SECURITY] [DLA 2905-1] apache-log4j1.2 security update
2022-01-31 14:24:44
suse
suse
Security update for kafka (important)
2022-02-16 00:00:00
Security update for log4j (important)
2022-01-27 00:00:00
Security update for kafka (important)
2022-02-17 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-2905-1)
2022-02-01 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:0226-1)
2022-01-31 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:0212-1)
2022-01-28 00:00:00
oraclelinux
oraclelinux
parfait:0.5 security update
2022-01-27 00:00:00
log4j security update
2022-02-08 00:00:00
cisco
cisco
Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021
2021-12-10 18:45:00
github
github
GitHub’s response to Log4j vulnerability CVE-2021-44228
2021-12-13 19:06:34
Security Advisory for "Log4Shell"
2022-01-21 23:25:04
paloalto
paloalto
Impact of Log4j Vulnerabilities CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832
2021-12-10 21:45:00
citrix
citrix
Citrix Security Advisory for CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 and CVE-2021-44832.
2021-12-11 17:15:50
almalinux
almalinux
Important: parfait:0.5 security update
2022-01-26 14:27:19
checkpoint_security
checkpoint_security
Check Point's response to Apache Log4j Remote Code Execution
2021-12-10 11:28:03
centos
centos
log4j security update
2022-02-07 16:47:44
atlassian
atlassian
Jira: Multiple vulnerabilities in log4j < 1.2.17-atlassian-16
2022-06-06 12:49:38
Crowd: Multiple vulnerabilities in log4j < 1.2.7-atlassian-16
2022-05-18 08:53:01
amazon
amazon
Important: log4j
2023-03-30 22:50:00
Important: log4j
2022-02-15 22:54:00
hivepro
hivepro
Apache released a patch to address the critical zero-day vulnerability in log4j
2021-12-29 09:27:58
trellix
trellix
Log4shell Vulnerability is the Coal in Our Stocking for 2021
2022-01-19 00:00:00

0.976 High

EPSS

Percentile

100.0%

JSON
Related for RHSA-2022:1299
redhat30nessus34f51githubexploit7qualysblog3thn3ibm81rapid7blog1arista1osv4rocky1debian1suse4openvas12oraclelinux2cisco1github2paloalto1citrix1almalinux1checkpoint_security1centos1atlassian2amazon2hivepro1trellix1