The vulnerability of the JMSSink class implementation in the Log4j logging library allows a perpetrator to execute arbitrary code.

🗓️ 01 Feb 2022 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

Remote code execution via deserialization in Log4j JMSSink by crafted JNDI requests.

Reporter	Title	Published	Views	Family All 283
IBM Security Bulletins	Security Bulletin: Due to use of Apache Log4j, IBM Netcool/OMNIbus Probe DSL Factory Framework is vulnerable to arbitrary code execution (CVE-2022-23302, CVE-2022-23307) and SQL injection (CVE-2022-23305)	16 Mar 202202:35	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Jazz for Service Management is vulnerable due to issues in JDOM, Apache Log4j 1.x, Apache ActiveMQ and Apache Camel	24 Jun 202511:53	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM Datacap	12 Jan 202617:46	–	ibm
IBM Security Bulletins	Security Bulletin: An IBM QRadar SIEM SNMP protocol is vulnerable to a denial of service, SQL injection and could allow a remote attacker to execute arbitrary code on the system.	15 May 202408:35	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring is potentially vulnerable to execution of arbitrary code due to its use of Apache Log4j (CVE-2022-23302)	21 Jul 202212:29	–	ibm
IBM Security Bulletins	Security Bulletin: Apache Log4j vulnerability	14 Sep 202215:54	–	ibm
IBM Security Bulletins	Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to arbitrary code execution and SQL injection due to Apache Log4j. (CVE-2022-23302, CVE-2022-23307, CVE-2022-23305)	17 Feb 202217:01	–	ibm
IBM Security Bulletins	Security Bulletin: IBM OpenPages with Watson has addressed Apache Log4j vulnerability (CVE-2022-23302)	11 Jul 202202:12	–	ibm
IBM Security Bulletins	Security Bulletin: Log4j vulnerabilities affect IBM Netezza Analytics	3 Jun 202214:32	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Tivoli Netcool Impact is affected by an Apache Log4j vulnerability (CVE-2022-23302)	4 Apr 202205:24	–	ibm

Vulners

Node

red_hat red_hat_virtualizationMatch4

OR

red_hat jboss_enterprise_application_platformMatch7

OR

red_hat red_hat_single_sign-onMatch7

OR

red_hat jboss_a-mqMatch6.0

OR

red_hat jboss_web_serverMatch3

OR

red_hat jboss_operations_networkMatch3.0

OR

red_hat openshift_container_platformMatch4

OR

red_hat red_hat_jboss_data_gridMatch7

OR

red_hat jboss_enterprise_application_platformMatch6

OR

red_hat jboss_a-mqMatch7

OR

red_hat a-mq_clientsMatch2

OR

red_hat red_hat_codeready_studioMatch12

OR

apache log4jRange1.0–2.0

OR

ibm ibm_spectrum_discoverRange<2.0.4.5

OR

google android_studioMatch2025.2.3.9

OR

red_hat red_hat_enterprise_linuxMatch6

OR

red_hat red_hat_enterprise_linuxMatch7

OR

red_hat red_hat_enterprise_linuxMatch8

Source	Link
lists	www.lists.apache.org/thread/bsr3l5qz4g0myrjhy9h67bcxodpkwj4w
logging	www.logging.apache.org/log4j/1.2/index.html
nvd	www.nvd.nist.gov/vuln/detail/CVE-2022-23302
access	www.access.redhat.com/security/cve/cve-2022-23302
ibm	www.ibm.com/support/pages/node/6568675
xn--80ahaefyxhn	www.xn--80ahaefyxhn.xn--j1afgaq.xn--p1ai/bin/view/%D0%9E%D0%A1%D0%BD%D0%BE%D0%B2%D0%B0/%D0%9E%D0%B1%D0%BD%D0%BE%D0%B2%D0%BB%D0%B5%D0%BD%D0%B8%D1%8F/2.4.3/
strelets	www.strelets.net/patchi-i-obnovleniya-bezopasnosti
abf	www.abf.rosa.ru/advisories/ROSA-SA-2024-2519
web	www.web.nvd.nist.gov/view/vuln/detail

10 Feb 2026 00:00Current

7.7High risk

Vulners AI Score7.7

CVSS 36.6

CVSS 28.5

EPSS0.00785

Log4j JMSSink Deserialization flaw Remote execution Java naming directory