Date Published: 2022-04-13
QID 240209: Red Hat Update for JBoss Enterprise Application Platform 7.4.4 (RHSA-2022:1296)
Red Hat jboss enterprise application platform 7 is a platform for java applications based on the wildfly application runtime.Security Fix(es):
- log4j: sql injection in log4j 1.x when application is configured to use jdbcappender (cve-2022-23305)
- log4j: unsafe deserialization flaw in chainsaw log viewer (cve-2022-23307)
- log4j: remote code execution in log4j 1.x when application is configured to use jmsappender (cve-2021-4104)
- log4j-core: remote code execution via jdbc appender (cve-2021-44832)
- log4j-core: dos in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for cve-2021-44228) (cve-2021-45046)
- log4j-core: dos in log4j 2.x with thread context map (mdc) input data contains a recursive lookup and context lookup pattern (cve-2021-45105)
- log4j: remote code execution in log4j 1.x when application is configured to use jmssink (cve-2022-23302)
- jboss enterprise application platform 7.4 for rhel 7 x86_64
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
- RHSA-2022:1296 - access.redhat.com/errata/RHSA-2022:1296
CVEs related to QID 240209
|RHSA-2022:1296||Red Hat Enterprise Linux||access.redhat.com/errata/RHSA-2022:1296|