JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.
{"github": [{"lastseen": "2023-06-14T15:09:39", "description": "JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-21T23:27:14", "type": "github", "title": "Deserialization of Untrusted Data in Log4j 1.x", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2022-23302"], "modified": "2023-01-27T05:02:33", "id": "GHSA-W9P3-5CR8-M3JJ", "href": "https://github.com/advisories/GHSA-w9p3-5cr8-m3jj", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-01-09T08:06:28", "description": "### Impact\n\nClickHouse JDBC Bridge uses [slf4j-log4j12 1.7.32](https://repo1.maven.org/maven2/org/slf4j/slf4j-log4j12/1.7.32/), which depends on [log4j 1.2.17](https://repo1.maven.org/maven2/log4j/log4j/1.2.17/). It allows a remote attacker to execute code on the server, if you changed default log4j configuration by adding JMSAppender and an insecure JMS broker.\n\n### Patches\n\nThe patch version `2.0.7` removed log4j dependency by replacing `slf4j-log4j12` to `slf4j-jdk14`. Logging configuration is also changed from `log4j.properties` to `logging.properties`.\n\n### Workarounds\n\n1. Do NOT change log4j configuration to use JMSAppender along with insecure JMS broker\n2. Alternatively, you can issue below command to remove `JMSAppender.class`:\n\n```(bash)\n# install zip command if you don't have\napt-get update && apt-get install -y zip\n# remove the class\nzip -d clickhouse-jdbc-bridge*.jar ru/yandex/clickhouse/jdbcbridge/internal/log4j/net/JMSAppender.class\n```\n\n### References\n\nPlease refer to [CVE-2021-4104](https://access.redhat.com/security/cve/CVE-2021-4104) to read more.\n\n### For more information\n\nIf you have any questions or comments about this advisory, please feel free to open an issue in the repository.\n", "cvss3": {}, "published": "2021-12-17T20:42:38", "type": "github", "title": "Using JMSAppender in log4j configuration may lead to deserialization of untrusted data", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2021-4104"], "modified": "2023-01-09T05:06:25", "id": "GHSA-3W6P-8F82-GW8R", "href": "https://github.com/advisories/GHSA-3w6p-8f82-gw8r", "cvss": {"score": 0.0, "vector": "NONE"}}], "osv": [{"lastseen": "2023-03-28T05:24:58", "description": "JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-21T23:27:14", "type": "osv", "title": "Deserialization of Untrusted Data in Log4j 1.x", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2022-23302"], "modified": "2023-03-28T05:24:53", "id": "OSV:GHSA-W9P3-5CR8-M3JJ", "href": "https://osv.dev/vulnerability/GHSA-w9p3-5cr8-m3jj", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-04-11T01:29:05", "description": "### Impact\n\nClickHouse JDBC Bridge uses [slf4j-log4j12 1.7.32](https://repo1.maven.org/maven2/org/slf4j/slf4j-log4j12/1.7.32/), which depends on [log4j 1.2.17](https://repo1.maven.org/maven2/log4j/log4j/1.2.17/). It allows a remote attacker to execute code on the server, if you changed default log4j configuration by adding JMSAppender and an insecure JMS broker.\n\n### Patches\n\nThe patch version `2.0.7` removed log4j dependency by replacing `slf4j-log4j12` to `slf4j-jdk14`. Logging configuration is also changed from `log4j.properties` to `logging.properties`.\n\n### Workarounds\n\n1. Do NOT change log4j configuration to use JMSAppender along with insecure JMS broker\n2. Alternatively, you can issue below command to remove `JMSAppender.class`:\n\n```(bash)\n# install zip command if you don't have\napt-get update && apt-get install -y zip\n# remove the class\nzip -d clickhouse-jdbc-bridge*.jar ru/yandex/clickhouse/jdbcbridge/internal/log4j/net/JMSAppender.class\n```\n\n### References\n\nPlease refer to [CVE-2021-4104](https://access.redhat.com/security/cve/CVE-2021-4104) to read more.\n\n### For more information\n\nIf you have any questions or comments about this advisory, please feel free to open an issue in the repository.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-17T20:42:38", "type": "osv", "title": "Using JMSAppender in log4j configuration may lead to deserialization of untrusted data", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2023-04-11T01:28:57", "id": "OSV:GHSA-3W6P-8F82-GW8R", "href": "https://osv.dev/vulnerability/GHSA-3w6p-8f82-gw8r", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}], "prion": [{"lastseen": "2023-08-15T15:55:08", "description": "JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-18T16:15:00", "type": "prion", "title": "Deserialization of untrusted data in JMSSink in Apache Log4j 1.x", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2022-23302"], "modified": "2023-02-24T15:30:00", "id": "PRION:CVE-2022-23302", "href": "https://kb.prio-n.com/vulnerability/CVE-2022-23302", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}], "debiancve": [{"lastseen": "2023-06-14T14:34:29", "description": "JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-18T16:15:00", "type": "debiancve", "title": "CVE-2022-23302", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2022-23302"], "modified": "2022-01-18T16:15:00", "id": "DEBIANCVE:CVE-2022-23302", "href": "https://security-tracker.debian.org/tracker/CVE-2022-23302", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}], "ubuntucve": [{"lastseen": "2023-06-29T13:41:44", "description": "JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of\nuntrusted data when the attacker has write access to the Log4j\nconfiguration or if the configuration references an LDAP service the\nattacker has access to. The attacker can provide a\nTopicConnectionFactoryBindingName configuration causing JMSSink to perform\nJNDI requests that result in remote code execution in a similar fashion to\nCVE-2021-4104. Note this issue only affects Log4j 1.x when specifically\nconfigured to use JMSSink, which is not the default. Apache Log4j 1.2\nreached end of life in August 2015. Users should upgrade to Log4j 2 as it\naddresses numerous other issues from the previous versions.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-18T00:00:00", "type": "ubuntucve", "title": "CVE-2022-23302", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2022-23302"], "modified": "2022-01-18T00:00:00", "id": "UB:CVE-2022-23302", "href": "https://ubuntu.com/security/CVE-2022-23302", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}], "f5": [{"lastseen": "2023-05-31T16:58:24", "description": "JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. ([CVE-2022-23302](<https://vulners.com/cve/CVE-2022-23302>))\n\nImpact\n\nAn attacker can leverage the vulnerability to perform remote code execution on the affected F5 product.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-31T20:43:00", "type": "f5", "title": "Apache Log4j Remote Code Execution vulnerability CVE-2022-23302", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2022-23302"], "modified": "2022-02-07T19:29:00", "id": "F5:K59563964", "href": "https://support.f5.com/csp/article/K59563964", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-06-14T16:56:10", "description": "This document is intended to serve as an overview of the 2021 and 2022 Log4j vulnerabilities to help determine the impact to your F5 devices. You can find the details of each issue in the associated security advisory.\n\n * [High CVEs](<https://support.f5.com/csp/article/K34002344#high>)\n * [Medium CVEs](<https://support.f5.com/csp/article/K34002344#medium>)\n * [Not Vulnerable CVEs](<https://support.f5.com/csp/article/K34002344#notvulnerable>)\n\nHigh CVEs\n\nCVE | Security Advisory Description | CVSS score | Affected products | Affected versions1 \n---|---|---|---|--- \n[CVE-2021-44228](<https://support.f5.com/csp/article/K19026212>) | Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0, this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects. | 8.0 | Traffix SDC | 5.2.0 CF1 \n5.1.0 CF-30 - 5.1.0 CF-33 \n[CVE-2021-45046](<https://support.f5.com/csp/article/K32171392>) | It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in a denial of service (DOS) attack. Log4j 2.15.0 makes a best-effort attempt to restrict JNDI LDAP lookups to localhost by default. Log4j 2.16.0 fixes this issue by removing support for message lookup patterns and disabling JNDI functionality by default. | 8.0 | Traffix SDC | 5.2.0 CF1 \n5.1.0 CF-30 - 5.1.0 CF-33 \n[CVE-2022-23305](<https://support.f5.com/csp/article/K97120268>) | By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default. Beginning in version 2.0-beta8, the JDBCAppender was re-introduced with proper support for parameterized SQL queries and further customization over the columns written to in logs. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. | 8.1 | Traffix SDC | 5.2.0 \n5.1.0 \n[CVE-2022-23307](<https://support.f5.com/csp/article/K00322972>) | CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists. | 8.1 | Traffix SDC | 5.2.0 \n5.1.0 \n \n1F5 evaluates only software versions that have not yet reached the End of Technical Support (EoTS) phase of their lifecycle.\n\nMedium CVEs\n\nCVE | Security Advisory Description | CVSS score | Affected products | Affected versions1 \n---|---|---|---|--- \n[CVE-2021-4104](<https://support.f5.com/csp/article/K24554520>) | JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. | 6.6 | Traffix SDC | 5.2.0 \n5.1.0 \n[CVE-2021-44832](<https://support.f5.com/csp/article/K14122652>) | Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2. | 6.6 | Traffix SDC | 5.2.0 \n5.1.0 CF-30 - 5.1.0 CF-33 \n[CVE-2022-23302](<https://support.f5.com/csp/article/K59563964>) | JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. | 6.6 | Traffix SDC | 5.2.0 \n5.1.0 \n \n1F5 evaluates only software versions that have not yet reached the End of Technical Support (EoTS) phase of their lifecycle.\n\nNot Vulnerable CVEs\n\nCVE | Security Advisory Description | CVSS score | Affected products | Affected versions1 \n---|---|---|---|--- \n[CVE-2021-45105](<https://support.f5.com/csp/article/K34162192>) | Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0 and 2.12.3. | None | None | None \n \n1F5 evaluates only software versions that have not yet reached the End of Technical Support (EoTS) phase of their lifecycle.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-02-01T22:31:00", "type": "f5", "title": "Overview of Log4j vulnerabilities (2021 and 2022)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9493", "CVE-2021-4104", "CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105", "CVE-2022-23302", "CVE-2022-23305", "CVE-2022-23307"], "modified": "2022-02-08T16:38:00", "id": "F5:K34002344", "href": "https://support.f5.com/csp/article/K34002344", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "ibm": [{"lastseen": "2023-06-24T06:01:59", "description": "## Summary\n\nApache Log4j is used by IBM Cloud Pak for Multicloud Management Monitoring as part of its logging infrastructure. Apache Log4j v1.2 has been removed and replaced by Log4j v2.17.1. Components that use Apache Log4j v1.2 are not exposed outside the cluster and are not configured to use the vulnerable Log4j v1 classes. Furthermore, it will take extraordinary measures by a malicious insider to attempt to reconfigure the components to be vulnerable. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-23302](<https://vulners.com/cve/CVE-2022-23302>) \n** DESCRIPTION: **Apache Log4j could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in JMSSink. By sending specially-crafted JNDI requests using TopicConnectionFactoryBindingName configuration, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217460](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217460>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud Pak for Multicloud Management Monitoring| 2.0 - 2.3 Fix Pack 4 \n \n\n\n## Remediation/Fixes\n\nTo address the vulnerability, IBM strongly recommends you to upgrade IBM Cloud Pak for Multicloud Management to 2.3 Fix Pack 5. For upgrading instructions, see <https://www.ibm.com/docs/en/cloud-paks/cp-management/2.3.x?topic=installation-upgrade.>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-21T12:29:22", "type": "ibm", "title": "Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring is potentially vulnerable to execution of arbitrary code due to its use of Apache Log4j (CVE-2022-23302)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23302"], "modified": "2022-07-21T12:29:22", "id": "119CECCEFDE70646119DD7521398162DB4527F17D79DC46F5852AD60ADE965F6", "href": "https://www.ibm.com/support/pages/node/6606293", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T06:07:50", "description": "## Summary\n\nApache Log4j used by IBM Cloud Pak for Data System 1.0. IBM Cloud Pak for Data System 1.0 has addressed the applicable CVE (CVE-2022-23302)\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-23302](<https://vulners.com/cve/CVE-2022-23302>) \n** DESCRIPTION: **Apache Log4j could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in JMSSink. By sending specially-crafted JNDI requests using TopicConnectionFactoryBindingName configuration, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217460](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217460>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nCPDS| 1.0.0.0- 1.0.7.7 \n \n\n\n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now by applying below security patch.**\n\nProduct| VRMF| Remediation / First Fix \n---|---|--- \nIBM Cloud Pak for Data System 1.0| 7.9.22.02.SP10| [Link to fix central](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FIBM+Cloud+Private+for+Data+System&fixids=7.9.22.02.SP10-WS-ICPDS-fp152&source=SAR>) \n \nPlease follow the steps given in **[release notes](<https://www.ibm.com/docs/en/cloud-paks/cloudpak-data-system/1.0?topic=new-security-patch-release-notes> \"release notes\" )** to upgrade system with security patches \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-21T08:27:16", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Log4j affects IBM Cloud Pak for Data System 1.0", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23302"], "modified": "2022-03-21T08:27:16", "id": "A74B006308C9A5B8978B427A12282CE7740E5A2E6AE2BE9AA3FC87E2CC5147EF", "href": "https://www.ibm.com/support/pages/node/6565009", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T06:07:18", "description": "## Summary\n\nApache Log4j v1 is shipped within the ActiveMQ package of IBM Tivoli Netcool Impact. This has been resolved by updating ActiveMQ to version 5.16.4 which removes log4j from ActiveMQ.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-23302](<https://vulners.com/cve/CVE-2022-23302>) \n** DESCRIPTION: **Apache Log4j could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in JMSSink. By sending specially-crafted JNDI requests using TopicConnectionFactoryBindingName configuration, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217460](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217460>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Tivoli Netcool Impact| 7.1.0 \n \n\n\n## Remediation/Fixes\n\nProduct| VRMF| APAR| Remediation \n---|---|---|--- \nIBM Tivoli Netcool Impact 7.1.0| 7.1.0.25| IJ37697| Upgrade to [IBM Tivoli Netcool Impact 7.1.0 FP25](<https://www.ibm.com/support/pages/node/6560100> \"IBM Tivoli Netcool Impact 7.1.0 FP25\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-04T05:24:12", "type": "ibm", "title": "Security Bulletin: IBM Tivoli Netcool Impact is affected by an Apache Log4j vulnerability (CVE-2022-23302)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23302"], "modified": "2022-04-04T05:24:12", "id": "3C5C2DC0C6FC28CCC7819C9A096664A68AA7EC71D69523DC99D44FC54A9CDBBE", "href": "https://www.ibm.com/support/pages/node/6569145", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T05:54:35", "description": "## Summary\n\nIBM Operations Analytics Predictive Insights is affected by the Apache Log4j vulnerability in the JMSSink in all versions of Log4j 1. x allowing deserialization of untrusted data when the malicious attacker has write access to the Log4j configuration or if the configuration references an LDAP service. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-23302](<https://vulners.com/cve/CVE-2022-23302>) \n** DESCRIPTION: **Apache Log4j could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in JMSSink. By sending specially-crafted JNDI requests using TopicConnectionFactoryBindingName configuration, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217460](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217460>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Operations Analytics Predictive Insights| 1.3.3 \nIBM Operations Analytics Predictive Insights| 1.3.5 \nIBM Operations Analytics Predictive Insights| 1.3.6 \n \n\n\n## Remediation/Fixes\n\nApache Log4j 1.2 reached the end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. \n\nTo do that, please use the instructions and full details from the README that\u2019s in the IBM Operations Analytics Predictive Insights iFix6 tarball, and follow with the upgrade to IBM Operations Analytics Predictive Insights iFix6.\n\nIBM Operations Analytics Predictive Insights iFix6 tarball is available [here](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Operations%20Analytics&product=ibm/Tivoli/IBM+SmartCloud+Analytics+-+Predictive+Insights&release=All&platform=Linux+64-bit,x86_64&function=all> \"here\" ). \n\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-18T15:41:15", "type": "ibm", "title": "Security Bulletin: IBM Operations Analytics Predictive Insights impacted by Apache Log4j vulnerabilities (CVE-2022-23302)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23302"], "modified": "2022-10-18T15:41:15", "id": "738000B8445D724BA90A3721AA90AF1E32A31E66429EC83FA370C038A4CDE8ED", "href": "https://www.ibm.com/support/pages/node/6830271", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T06:09:16", "description": "## Summary\n\nThere is a vulnerability in the Apache Log4j open source library used by IBM Sterling Connect:Direct Web Services. This affects IBM Sterling Connect:Direct Web Services. This vulnerability has been addressed.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-23302](<https://vulners.com/cve/CVE-2022-23302>) \n** DESCRIPTION: **Apache Log4j could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in JMSSink. By sending specially-crafted JNDI requests using TopicConnectionFactoryBindingName configuration, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217460](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217460>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nSterling Connect Direct Web Services| 1.0 \nIBM Connect:Direct Web Services| 6.0 \n \n\n\n## Remediation/Fixes\n\n**Product(s)**| **Version(s)**| **Remediation \n** \n---|---|--- \nSterling Connect Direct Web Services| 1.0| Apply 6.0.0.6, available on [Fix Central](<https://www.ibm.com/support/fixcentral/options?selectionBean.selectedTab=find&selection=ibm%2fOther+software%3bibm%2fOther+software%2fIBM+Connect%3aDirect+Web+Services> \"\" ) \nIBM Connect:Direct Web Services| 6.0| Apply 6.0.0.6, available on [Fix Central](<https://www.ibm.com/support/fixcentral/options?selectionBean.selectedTab=find&selection=ibm%2fOther+software%3bibm%2fOther+software%2fIBM+Connect%3aDirect+Web+Services> \"\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-18T05:40:36", "type": "ibm", "title": "Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to remote code execution due to Apache Log4j (CVE-2022-23302)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23302"], "modified": "2022-02-18T05:40:36", "id": "693E0AD85F6E19F2CA7356E03CABE34515DA0B593F3C3F3144F6F403F3141066", "href": "https://www.ibm.com/support/pages/node/6557384", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T05:58:27", "description": "## Summary\n\nApache Log4j vulnerability\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-23302](<https://vulners.com/cve/CVE-2022-23302>) \n** DESCRIPTION: **Apache Log4j could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in JMSSink. By sending specially-crafted JNDI requests using TopicConnectionFactoryBindingName configuration, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217460](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217460>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Sterling Order Management| 10.0 \nIBM Sterling Order Management| 9.5.x \n \n## Remediation/Fixes\n\nOrder Management on premise release notes -[ https://www.ibm.com/docs/en/order-management-sw/10.0?topic=software-fixes-by-fix-pack-version](<https://www.ibm.com/docs/en/order-management-sw/10.0?topic=software-fixes-by-fix-pack-version#fp30>)\n\nFix Central Link (**FP details URL)**: \n[https://www.ibm.com/support/fixcentral/swg/selectFixes?fixids=10.0.0.0-Sterling-SSFF-All-fp30-Installer&product=ibm%2FOther%20software%2FSterling%20Selling%20and%20Fulfillment%20Foundation&source=dbluesearch&mhsrc=ibmsearch_a&mhq=10.0.0.0-Sterling-SSFF-All-fp30-Installer%20&function=fixId&parent=ibm/Other%20software](<https://www.ibm.com/support/fixcentral/swg/selectFixes?fixids=10.0.0.0-Sterling-SSFF-All-fp30-Installer&product=ibm%2FOther%20software%2FSterling%20Selling%20and%20Fulfillment%20Foundation&source=dbluesearch&mhsrc=ibmsearch_a&mhq=10.0.0.0-Sterling-SSFF-All-fp30-Installer%20&function=fixId&parent=ibm/Other%20software>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-14T15:54:39", "type": "ibm", "title": "Security Bulletin: Apache Log4j vulnerability", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23302"], "modified": "2022-09-14T15:54:39", "id": "178747CFB8042E516CF1AB34F6D530ACE1CD919FFD0DA372792B07A5E23A36DD", "href": "https://www.ibm.com/support/pages/node/6570411", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T06:06:40", "description": "## Summary\n\nApache Log4j used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE(CVE-2022-23302).\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-23302](<https://vulners.com/cve/CVE-2022-23302>) \n** DESCRIPTION: **Apache Log4j could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in JMSSink. By sending specially-crafted JNDI requests using TopicConnectionFactoryBindingName configuration, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217460](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217460>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Integrated Analytics System| 1.0.0-1.0.27.0 \n \n\n\n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now by applying below security patch.**\n\nProduct| VRMF| Remediation / First Fix \n---|---|--- \nIBM Integrated Analytics System | 7.9.22.01.SP7| [Link to fix central](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FIBM+Integrated+Analytics+System&fixids=7.9.22.01.SP7-IM-IIAS-fp163&source=SAR>) \n \nPlease follow the steps given in **[release notes](<https://www.ibm.com/docs/en/ias?topic=notes-security-patch-release> \"\" )** to upgrade system with security patches \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-21T09:59:10", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Log4j affects IBM Integrated Analytics System.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23302"], "modified": "2022-04-21T09:59:10", "id": "4D7D6CE6B9BA698BFB9B758C15E38ED5972AE720478AC2AAD2A202C6748BA969", "href": "https://www.ibm.com/support/pages/node/6573955", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T06:02:43", "description": "## Summary\n\nThere is a vulnerability in the Apache Log4j open source library used by IBM OpenPages with Watson. This affects the IBM OpenPages logging framework. This vulnerability has been addressed. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-23302](<https://vulners.com/cve/CVE-2022-23302>) \n** DESCRIPTION: **Apache Log4j could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in JMSSink. By sending specially-crafted JNDI requests using TopicConnectionFactoryBindingName configuration, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217460](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217460>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM OpenPages with Watson versions 8.1 through 8.2.0.3 \n\n\n## Remediation/Fixes\n\nA fix has been created for each affected version of the named product. Download and install the fix as soon as possible. Fixes and installation instructions are provided at the URLs listed below: \n \n\n\n**Product**| **Remediation** \n---|--- \n \nFor IBM OpenPages with Watson **8.1 **or** 8.1.0.1 **\n\n\\- Upgrade to 8.1.0.2 Fix Pack\n\n\\- Apply 8.1.0.2 Interim Fix 3 (**8.1.0.2.3**) or later\n\n| \n\n<https://www.ibm.com/support/pages/openpages-watson-81-fix-pack-2>\n\n<https://ibm.com/support/pages/openpages-watson-8102-interim-fix-3-0> \n \nFor IBM OpenPages with Watson** 8.1.0.2 **\n\n\\- Apply 8.1.0.2 Interim Fix 3 (**8.1.0.2.3**) or later\n\n| \n\n<https://ibm.com/support/pages/openpages-watson-8102-interim-fix-3-0> \n \nFor IBM OpenPages with Watson** 8.2**, **8.2.0.1, 8.2.0.2 **or** 8.2.0.3**\n\n\\- Upgrade to 8.2.0.4 Fix Pack\n\n\\- Apply 8.2.0.4 Interim Fix 6 (**8.2.0.4.6**) or later\n\n| \n\n<https://www.ibm.com/support/pages/openpages-watson-82-fix-pack-4>\n\n<https://www.ibm.com/support/pages/openpages-watson-8204-interim-fix-6> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-11T02:12:39", "type": "ibm", "title": "Security Bulletin: IBM OpenPages with Watson has addressed Apache Log4j vulnerability (CVE-2022-23302)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23302"], "modified": "2022-07-11T02:12:39", "id": "2317B63F9B053CE76F1D936DB5288531851264E0A0B7CBCF7C27C90D007568F4", "href": "https://www.ibm.com/support/pages/node/6600097", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T06:09:39", "description": "## Summary\n\nVulnerabilities in Apache Log4j affect the logging infrastructure in the ATNAAudit node and the XDSConsumer pattern in IBM App Connect for Healthcare. IBM App Connect for Healthcare have addressed these vulnerabilities, the fix includes Apache Log4j 2.17.1\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-23302](<https://vulners.com/cve/CVE-2022-23302>) \n** DESCRIPTION: **Apache Log4j could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in JMSSink. By sending specially-crafted JNDI requests using TopicConnectionFactoryBindingName configuration, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217460](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217460>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM App Connect for Healthcare 5.0.0.0 \nIBM App Connect for Healthcare 5.0.0.1 \nIBM App Connect for Healthcare 6.0.1.0\n\n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by applying the patches listed in this table. Product| VRMF| APAR| Remediation/Fixes \n---|---|---|--- \nIBM App Connect for Healthcare| 5.0.0.1| IT39653| \n\nInterim fix for APAR (IT39653 ) is available from\n\n[5.0.0.1 IBM Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+App+Connect+for+Healthcare&release=5.0.0.1&platform=All&function=aparId&apars=IT39653> \"5.0.0.1 IBM Fix Central\" ) \n \nIBM App Connect for Healthcare| 6.0.1.0| IT39653| \n\nInterim fix for APAR (IT39653 ) is available from\n\n[6.0.1.0 IBM Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+App+Connect+for+Healthcare&release=6.0.1.0&platform=All&function=aparId&apars=IT39653> \"\" ) \n \n## Workarounds and Mitigations\n\nAs detailed above in the **Remediation / Fixes Section.**\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-04T12:29:41", "type": "ibm", "title": "Security Bulletin: IBM App Connect for Healthcare is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2022-23302)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23302"], "modified": "2022-02-04T12:29:41", "id": "7F94C5CDDDC51ECE1C166F6CE37D2771A340AF5113460E54FEB1483857799253", "href": "https://www.ibm.com/support/pages/node/6553874", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T06:04:08", "description": "## Summary\n\nApache Log4j is used by IBM Cognos Controller as part of its logging infrastructure. This bulletin addresses the exposure to the Apache Log4j vulnerabilities (CVE-2022-23305, CVE-2022-23302, CVE-2021-4104). Although IBM Cognos Controller is not vulnerable to the listed CVEs, all instances of Apache Log4j v1.x were proactively upgraded to Apache Log4j v2.17.1 for the IBM Cognos Controller 10.4.2 and 10.4.1 streams.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-23305](<https://vulners.com/cve/CVE-2022-23305>) \n** DESCRIPTION: **Apache Log4j is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the JDBCAppender, which could allow the attacker to view, add, modify or delete information in the back-end database. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217461](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217461>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2022-23302](<https://vulners.com/cve/CVE-2022-23302>) \n** DESCRIPTION: **Apache Log4j could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in JMSSink. By sending specially-crafted JNDI requests using TopicConnectionFactoryBindingName configuration, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217460](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217460>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM Cognos Controller 10.4.2\n\nIBM Cognos Controller 10.4.1\n\nIBM Cognos Controller 10.4.0\n\n## Remediation/Fixes\n\nIf you have the listed affected version, it is strongly recommended that you apply the most recent security update:\n\n**Affected Version**| **Fix Version** \n---|--- \nIBM Cognos Controller 10.4.2| [IBM Cognos Controller 10.4.2 FP1](<https://www.ibm.com/support/pages/node/6556176> \"IBM Cognos Controller 10.4.2 FP1\" ) \nIBM Cognos Controller 10.4.1| [IBM Cognos Controller 10.4.1 IF14](<https://www.ibm.com/support/pages/node/6572655> \"IBM Cognos Controller 10.4.1 IF14\" ) \nIBM Cognos Controller 10.4.0| [IBM Cognos Controller 10.4.2 FP1](<https://www.ibm.com/support/pages/node/6556176> \"IBM Cognos Controller 10.4.2 FP1\" ) \n \n** \nIBM Cognos Controller Cloud**\n\nRemediation for IBM Cognos Controller 10.4.2 Cloud environments has completed and no further action is required.\n\nRemediation for IBM Cognos Controller 10.4.1 Cloud environments will be completed during the next scheduled maintenance weekend. \n\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-03T17:41:47", "type": "ibm", "title": "Security Bulletin: IBM Cognos Controller is affected but not vulnerable to arbitrary code execution and SQL injection due to Apache Log4j v1 vulnerabilities (CVE-2022-23305, CVE-2022-23302, CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2022-23302", "CVE-2022-23305"], "modified": "2022-06-03T17:41:47", "id": "8379030AC78250788BA6A1EC3EE817EC994974E9473C0EECB5D7ACD3FDDA8ED6", "href": "https://www.ibm.com/support/pages/node/6591309", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T06:10:26", "description": "## Summary\n\nThere are multiple vulnerabilities in Apache Log4j (CVE-2021-4104, CVE-2022-23302, CVE-2022-23305, and CVE-2022-23307) as described in the vulnerability details section. Apache Log4j v1 is used by Db2 Web Query for i for generating logs and diagnostic traces in some of its components. IBM has addressed the vulnerability in Db2 Web Query for i by upgrading to Apache Log4j 2.17. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-23307](<https://vulners.com/cve/CVE-2022-23307>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in the in Apache Chainsaw component. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217462](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217462>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-23305](<https://vulners.com/cve/CVE-2022-23305>) \n** DESCRIPTION: **Apache Log4j is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the JDBCAppender, which could allow the attacker to view, add, modify or delete information in the back-end database. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217461](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217461>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2022-23302](<https://vulners.com/cve/CVE-2022-23302>) \n** DESCRIPTION: **Apache Log4j could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in JMSSink. By sending specially-crafted JNDI requests using TopicConnectionFactoryBindingName configuration, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217460](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217460>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Db2 Web Query for i| 2.2.0 \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by upgrading. \n\n\nThe issues can be fixed by upgrading to a higher Db2 Web Query for i release level. \nDb2 Web Query for i release 2.2.0 is impacted. The fix is to upgrade to either release 2.2.1 or 2.3.0 and to apply the latest group Program Temporary Fix (PTF) for the release. \n\nUpgrade to release 2.2.1 or 2.3.0 depending on the IBM i release level: \n\n\n \n\n\n| \n\nIBM i 7.4\n\n| \n\nIBM i 7.3\n\n| \n\nIBM i 7.2\n\n| \n\nIBM i 7.1 \n \n---|---|---|---|--- \n \nDb2 Web Query for i \n\n\n| \n\n2.3.0\n\n| \n\n2.3.0 \n\n\n| \n\n2.2.1 \n\n\n| \n\n2.2.1 \n \n \n\n\nThe group PTF numbers and minimum required levels for the fix for each IBM i release are: \n\n\nDb2 Web Query for i \n\n\n| \n\nIBM i 7.4\n\n| \n\nIBM i 7.3\n\n| \n\nIBM i 7.2\n\n| \n\nIBM i 7.1 \n \n---|---|---|---|--- \n \n2.3.0 \n\n\n| \n\nSF99654 level 4 \n\n\n| \n\nSF99533 level 4 \n\n\n| \n\nN/A \n\n\n| \n\nN/A \n \n2.2.1 \n\n\n| \n\nSF99653 level 12 \n\n\n| \n\nSF99433 level 12 \n\n\n| \n\nSF99434 level 12 \n\n\n| \n\nSF99435 level 12 \n \n \nFor information on upgrading to Db2 Web Query for i release 2.2.1 or 2.3.0, refer to the Installation and Upgrades link at <https://ibm.biz/db2wq-wiki>. \n\nGroup Program Temporary Fixes (PTFs) can be downloaded from [https://www.ibm.com/support/fixcentral/.](<https://www.ibm.com/support/fixcentral/>)\n\n_Important note: IBM recommends that all users running unsupported versions of affected products upgrade to supported and fixed version of affected products._\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-25T14:48:34", "type": "ibm", "title": "Security Bulletin: Due to use of Apache Log4j, IBM Db2 Web Query for i is vulnerable to arbitrary code execution (CVE-2021-4104, CVE-2022-23302, and CVE-2022-23307) and SQL injection (CVE-2022-23305)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2022-23302", "CVE-2022-23305", "CVE-2022-23307"], "modified": "2022-01-25T14:48:34", "id": "6B7E183EC35674B746DB7086B6A65F4C3CF3F256A6A5F607AE65074E1355241E", "href": "https://www.ibm.com/support/pages/node/6550822", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-06-24T06:04:28", "description": "## Summary\n\nMultple vulnerabilities exist in Apache log4j that could allow someone to execute arbitrary code on the system. Apache Log4j v1 is used by Cloud Pak System in order to generate logs and diagnostic traces in some of its components; IBM DB2 , IBM Tivoli Monitoring, IBM Spectrum Scale and IBM WebSphere Application Server. IBM Cloud Pak System has addressed these vulnerabilities. This security bulletin applies to Cloud Pak System, Cloud Pak System Software and Cloud Pak System Software Suite.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-23307](<https://vulners.com/cve/CVE-2022-23307>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in the in Apache Chainsaw component. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217462](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217462>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-23305](<https://vulners.com/cve/CVE-2022-23305>) \n** DESCRIPTION: **Apache Log4j is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the JDBCAppender, which could allow the attacker to view, add, modify or delete information in the back-end database. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217461](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217461>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2022-23302](<https://vulners.com/cve/CVE-2022-23302>) \n** DESCRIPTION: **Apache Log4j could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in JMSSink. By sending specially-crafted JNDI requests using TopicConnectionFactoryBindingName configuration, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217460](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217460>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nSystems: W3500, W550 and W4600\n\nMain Product(s) Version(s)\n\n| \n\nVersion(s)\n\n| \n\nAffected Supporting Products Version(s) \n \n---|---|--- \n \nIBM Cloud Pak System \n\n| \n\nv2.3, v2.3.0.1, v2.3.1.1\n\n| \n\nNotice DB2 LUW 10.5 and DB2 LUW 11.1 end of support as per Withdrawal Announcements [ 920-049](<https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?subtype=ca&infotype=an&appname=iSource&supplier=897&letternum=ENUS920-049>) and [918-138 ](<https://www-01.ibm.com/common/ssi/ShowDoc.wss?docURL=/common/ssi/rep_ca/8/897/ENUS918-138/index.html&request_locale=en>)respectively. \n \nIBM Cloud Pak System \n\n| \n\nv2.3.2.0, v2.3.3.1, v2.3.3.2, v2.3.3.3, v2.3.3.3 interim fix 1\n\n| \n\nDB2. LUW 11.5 \n \nIBM Cloud Pak System Software Suite\n\n| \n\nv2.3, v2.3.0.1, v2.3.1.1\n\n| \n\nNotice DB2 LUW 10.5 and DB2 LUW 11.1 end of support as per Withdrawal Announcements [ 920-049](<https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?subtype=ca&infotype=an&appname=iSource&supplier=897&letternum=ENUS920-049>) and [918-138 ](<https://www-01.ibm.com/common/ssi/ShowDoc.wss?docURL=/common/ssi/rep_ca/8/897/ENUS918-138/index.html&request_locale=en>)respectively. \n \nIBM Cloud Pak System Software Suite\n\n| \n\nv2.3.2.0, v2.3.3.1, v2.3.3.2, v2.3.3.3, v2.3.3.3 interim fix 1\n\n| \n\nDB2. LUW 11.5 \n \n \n\n\n## Remediation/Fixes\n\nFor unsupported version/release/platform IBM recommends upgrading to a fixed, supported version of the product. \n\nApache log4jv1 is vulnerable to CVE-2021-4104 in non default configuration if applications use JMSAppender class which is not the default for Cloud Pak System. Cloud Pak System log4jv1 instances updates to log4j v2.17.1 with IBM Cloud Pak System v2.3.3.4. Cloud Pak System DB2 updated to V11.5.7 special build. Tivoli Monitoring ( ITM) updated to ITM 6.3.0.7 Interim fix 2a, IBM Spectrum Scale (5.0.5.12) ptype 1.2.19.0 and er support for WebSphere Application Server 8.5.5.21 and 9.0.5.11 Was Liberty 22.0.0.3.\n\nIBM strongly recommends addressing the vulnerability by upgrading to the latest fixed supported release of the product.\n\nFor IBM Cloud Pak System V2.3.0 through to V2.3.3.3 Interim Fix 1 upgrade to Cloud Pak System V2.3.3.4 at [Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=PureSystems&product=ibm/WebSphere/IBM+Cloud+Pak+System&release=2.3.3.3&platform=All&function=all>)\n\nInformation on upgrading at : <http://www.ibm.com/support/docview.wss?uid=ibm10887959>\n\nIf you are using product pattern type (pType), please refer to the security bulletin for that specific product.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-30T10:03:47", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Apache Log4j affect IBM Cloud Pak System", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2022-23302", "CVE-2022-23305", "CVE-2022-23307"], "modified": "2022-05-30T10:03:47", "id": "D9DA80F42942BF2AE861A25807D73FB3CC5278F385F44A69EDF3332A73B6B7A7", "href": "https://www.ibm.com/support/pages/node/6590835", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-06-24T06:07:51", "description": "## Summary\n\nApache-Log4j - CVE-2021-4104, Apache-Log4j - CVE-2022-23302, Apache-Log4j - CVE-2022-23305, Apache-Log4j - CVE-2022-23307\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nTNPM| 1.4.x \n \n## Remediation/Fixes\n\nBelow are the CVE Details -\n\n**# Apache-Log4j - CVE-2021-4104 :** \nA flaw was found in the Java logging library Apache Log4j in version 1.x. JMSAppender in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if the deployed application is configured to use JMSAppender and to the attacker's JNDI LDAP endpoint.\n\n**# Apache-Log4j - CVE-2022-23302 :** \nA flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests.\n\n**# Apache-Log4j - CVE-2022-23305 :** \nA flaw was found in the Java logging library Apache Log4j in version 1.x. JDBCAppender in Log4j 1.x is vulnerable to SQL injection in untrusted data. This allows a remote attacker to run SQL statements in the database if the deployed application is configured to use JDBCAppender with certain interpolation tokens.\n\n**# Apache-Log4j - CVE-2022-23307 :** \nA flaw was found in the log4j 1.x chainsaw component, where the contents of certain log entries are deserialized and possibly permit code execution. This flaw allows an attacker to send a malicious request with serialized data to the server to be deserialized when the chainsaw component is run.\n\n**These are the mitigation steps for the above mentioned issues :**\n\n * Comment out or remove JMSAppender, JMSSink, JDBCAppender in the Log4j configuration if it is used. There can be other log4j.xml files if configured additionally on customer's environment apart from below mentioned xmls.[Here $WMCROOT=/appl/virtuo (Virtuo Directory)] \n\n 1. $WMCROOT/as/server/default/conf/log4j.xml\n 2. $WMCROOT/conf/logging/cli/log4j.xml\n * Remove the JMSAppender, JMSSink, JDBCAppender class and Chainsaw classes from the classpath. \n\n 1. Take backup of below used log4j jars\n 2. Stop all the application services - as, asd, alarmcache, nccache and loader instances (as these components could be using log4j)\n 3. Execute the following command - \n\n 1. zip -q -d log4j*.jar org/apache/log4j/net/JMSAppender.class \n 2. zip -q -d log4j*.jar org/apache/log4j/net/JMSSink.class \n 3. zip -q -d log4j*.jar org/apache/log4j/jdbc/JDBCAppender.class \n 4. zip -q -d log4j*.jar org/apache/log4j/chainsaw/* \n 4. JMSAppender.class, JMSSink.class, JDBCAppender.class and Chainsaw classes can be found in following locations - [Here $WMCROOT=/appl/virtuo (Virtuo Directory)] \n\n 1. $WMCROOT/as/client/log4j.jar\n 2. $WMCROOT/as/lib/log4j-boot.jar\n 3. $WMCROOT/as/server/default/lib/log4j.jar\n 4. $WMCROOT/lib/tp/log4j.jar\n 5. Start all the services which were stopped in step #2\n * Restrict access for the OS user on the platform running the application to prevent modifying the Log4j configuration by the attacker.\n\n## Workarounds and Mitigations\n\nFor an external (e.g. internet facing) attacker to exploit the aforementioned vulnerabilities is likely to have less possibility as as the application is deployed on local servers.\n\nVulnerability components/classes mentioned previously are not enabled by default, are not used in our application, and can be disabled. So the attack vector is greatly reduced as it depends on an attacker having to write access to compromise the configuration. Additionally, the application admin can change user permissions of respective files and restrict users.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-19T08:40:04", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Log4j affects IBM Netcool Performance Manager", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2022-23302", "CVE-2022-23305", "CVE-2022-23307"], "modified": "2022-03-19T08:40:04", "id": "92A25ACC7CA97D427DA5F098FEAD958217F50C6C07BA13888E0C08A046DD5DA3", "href": "https://www.ibm.com/support/pages/node/6538352", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-06-24T06:09:17", "description": "## Summary\n\nMultiple vulnerabilities exist in the Apache Log4j (CVE-2022-23302, CVE-2022-23305, CVE-2022-23307) library used by IBM WebSphere Application Server in the Admin Console and UDDI Registry application. The same Apache library is also used by the IBM WebSphere Application Server Liberty for z/OS in features zosConnect-1.0 and zosConnect-1.2. All vulnerabilities have been addressed previously by removing all existing Apache Log4j versions.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2022-23302](<https://vulners.com/cve/CVE-2022-23302>) \n**DESCRIPTION: **Apache Log4j could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in JMSSink. By sending specially-crafted JNDI requests using TopicConnectionFactoryBindingName configuration, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217460](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217460>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n**CVEID: **[CVE-2022-23305](<https://vulners.com/cve/CVE-2022-23305>) \n**DESCRIPTION: **Apache Log4j is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the JDBCAppender, which could allow the attacker to view, add, modify or delete information in the back-end database. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217461](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217461>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n**CVEID: **[CVE-2022-23307](<https://vulners.com/cve/CVE-2022-23307>) \n**DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in the in Apache Chainsaw component. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217462](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217462>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)** | **Version(s)** \n---|--- \nIBM WebSphere Application Server | 9.0 \nIBM WebSphere Application Server | 8.5 \nIBM WebSphere Application Server | 8.0 \nIBM WebSphere Application Server | 7.0 \nIBM WebSphere Application Server Liberty | 17.0.0.3 - 21.0.0.12 \n \n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerabilities now by applying a currently available interim fix or fix pack that contains APAR PH42762. The interim fix PH42762 was provided previously with [Security Bulletin: Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty (CVE-2021-4104, CVE-2021-45046)](<https://www.ibm.com/support/pages/node/6526750> \"Security Bulletin: Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty \\(CVE-2021-4104, CVE-2021-45046\\)\" ) and the interim fix PH42762 addresses these vulnerabilities for the affected IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. \n\n**For IBM WebSphere Application Server Liberty 17.0.0.3 - 21.0.0.12 using the zosConnect-1.0 or zosConnect-1.2 feature:**\n\n\u00b7 Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix [PH42762](<https://www.ibm.com/support/pages/node/6526686> \"PH42762\" ) \n\\--OR-- \n\u00b7 Apply Fix Pack 22.0.0.1 or later.\n\n**For IBM WebSphere Application Server traditional:**\n\n**For V9.0.0.0 through 9.0.5.10:** \n\u00b7 Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix [PH42762](<https://www.ibm.com/support/pages/node/6526686> \"PH42762\" ) \n\\--OR-- \n\u00b7 Apply Fix Pack 9.0.5.11 or later (when available). \n\n**For V8.5.0.0 through 8.5.5.20:** \n\u00b7 Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix [PH42762](<https://www.ibm.com/support/pages/node/6526686> \"PH42762\" ) \n\\--OR-- \n\u00b7 Apply Fix Pack 8.5.5.21 or later (when available).\n\n**For V8.0.0.0 through 8.0.0.15:** \n\u00b7 Upgrade to 8.0.0.15 and then apply Interim Fix [PH42762](<https://www.ibm.com/support/pages/node/6526686> \"PH42762\" ) \n\n\n**For V7.0.0.0 through 7.0.0.45:** \n\u00b7 Upgrade to 7.0.0.45 and then apply Interim Fix [PH42762](<https://www.ibm.com/support/pages/node/6526686> \"PH42762\" ) \n\n\nAdditional interim fixes may be available and linked off the interim fix download page.\n\nAfter applying the interim fix, follow the **Required next steps** provided previously with [Security Bulletin: Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty (CVE-2021-4104, CVE-2021-45046)](<https://www.ibm.com/support/pages/node/6526750> \"Security Bulletin: Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty \\(CVE-2021-4104, CVE-2021-45046\\)\" )\n\n_IBM WebSphere Application Server V7.0 and V8.0 are no longer in full support; IBM recommends upgrading to a fixed, supported version/release/platform of the product._\n\n## Workarounds and Mitigations\n\nIf the interim fixes in PH42762 cannot be applied immediately, and the mitigation steps have not been applied previously for [Security Bulletin: Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty (CVE-2021-4104, CVE-2021-45046)](<https://www.ibm.com/support/pages/node/6526750>), then follow the temporary mitigation steps for WebSphere Application Server traditional in [Security Bulletin: Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty (CVE-2021-4104, CVE-2021-45046)](<https://www.ibm.com/support/pages/node/6526750>). Due to the severity, complexity, and evolving nature of the situation, no mitigation is recommended as a substitute for applying the interim fix.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-17T17:01:30", "type": "ibm", "title": "Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to arbitrary code execution and SQL injection due to Apache Log4j. (CVE-2022-23302, CVE-2022-23307, CVE-2022-23305)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2021-45046", "CVE-2022-23302", "CVE-2022-23305", "CVE-2022-23307"], "modified": "2022-02-17T17:01:30", "id": "18A47CF24DAFF468D1B3E48E56A7C723BAAB5077F0C1ED2DC22653DD05320A38", "href": "https://www.ibm.com/support/pages/node/6557248", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-06-24T06:01:11", "description": "## Summary\n\nDocker CLI (CVE-2021-41092) is vulnerable to attacks to obtain sensitive information. Docker CLI is used by IBM Spectrum Discover as part to the infrastructure to manage the images and containers in the system. Apache Log4j (CVE-2021-4104, CVE-2022-23302, CVE-2022-23305, CVE-2022-23307) is vulnerable to attackers to execute arbitrary code to view, add, modify or delete information in the databases. Apache Log4j is used by IBM Spectrum Discover to authenticate inside to the modules of Apache kafka to log events. The fix include upgrade Apache Log4j to v2.17.1.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-23302](<https://vulners.com/cve/CVE-2022-23302>) \n** DESCRIPTION: **Apache Log4j could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in JMSSink. By sending specially-crafted JNDI requests using TopicConnectionFactoryBindingName configuration, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217460](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217460>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-23307](<https://vulners.com/cve/CVE-2022-23307>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in the in Apache Chainsaw component. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217462](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217462>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-23305](<https://vulners.com/cve/CVE-2022-23305>) \n** DESCRIPTION: **Apache Log4j is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the JDBCAppender, which could allow the attacker to view, add, modify or delete information in the back-end database. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217461](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217461>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2021-41092](<https://vulners.com/cve/CVE-2021-41092>) \n** DESCRIPTION: **Docker CLI could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw when running \"docker login my-private-registry.example.com\" command with a misconfigured configuration file. By sending a specially-crafted HTTP request, an attacker could exploit this vulnerability to obtain credentials information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/210712](<https://exchange.xforce.ibmcloud.com/vulnerabilities/210712>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s**) \n---|--- \nIBM Spectrum Discover| 2.0.4 \nIBM Spectrum Discover| 2.0.4.1 \nIBM Spectrum Discover| 2.0.4.2 \nIBM Spectrum Discover| 2.0.4.3 \nIBM Spectrum Discover| 2.0.4.4 \n \n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by upgrading.\n\nInstalled versions of IBM Spectrum Discover (2.0.4, 2.0.4.1, 2.0.4.2, 2.0.4.3, 2.0.4.4) can be upgraded to fixed version using [IBM Spectrum Discover 2.0.4.5 upgrader](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Discover&release=2.0.4.5&platform=All&function=all> \"IBM Spectrum Discover 2.0.4.5 upgrader.\" ) and following the steps provided in our documentation ([IBM Spectrum Discover Documentation](<https://www.ibm.com/docs/en/spectrum-discover/2.0.4?topic=upgrading> \"IBM Spectrum Discover Documentation\" )).\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-18T21:26:30", "type": "ibm", "title": "Security Bulletin: IBM Spectrum Discover is vulnerable to Docker CLI (CVE-2021-41092) and Apache Log4j (CVE-2021-4104, CVE-2022-23302, CVE-2022-23305, CVE-2022-23307) weaknesses", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2021-41092", "CVE-2022-23302", "CVE-2022-23305", "CVE-2022-23307"], "modified": "2022-08-18T21:26:30", "id": "924107D9B02B18393D3A9C581C7A30F6BF2CE559C23EC57F1E3C3A0DD8F4C7FB", "href": "https://www.ibm.com/support/pages/node/6568675", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-06-24T06:05:20", "description": "## Summary\n\nCrypto Hardware Initialization and Maintenance (CHIM) as shipped with IBM Common Cryptographic Architecture (CCA) for MTM 4767 is affected by several vulnerabilities in Apache Log4j (CVE-2021-4104, CVE-2022-23303, CVE 2022-23305 and CVE 2022-23307). CHIM is using Apache Log4j for internal logging purposes of regular user activity. The fix includes Apache Log4j 2.17.1.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-23307](<https://vulners.com/cve/CVE-2022-23307>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in the in Apache Chainsaw component. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217462](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217462>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-23302](<https://vulners.com/cve/CVE-2022-23302>) \n** DESCRIPTION: **Apache Log4j could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in JMSSink. By sending specially-crafted JNDI requests using TopicConnectionFactoryBindingName configuration, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217460](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217460>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-23305](<https://vulners.com/cve/CVE-2022-23305>) \n** DESCRIPTION: **Apache Log4j is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the JDBCAppender, which could allow the attacker to view, add, modify or delete information in the back-end database. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217461](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217461>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nCCA for MTM 4767 for Linux x64 - Crypto Hardware Initialization and Maintenance (CHIM)| 5.0 - 5.7.11 \n \n\n\n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now by upgrading:**\n\n**Product(s)**| **Version(s)**| **Instructions**** \n** \n---|---|--- \nCCA for MTM 4767 for Linux x64 - Crypto Hardware Initialization and Maintenance (CHIM)| 5.0 - 5.7.11| Download and install v5.7.12 (setup4767_5.7.12.bin) \n \nCHIM is bundled with CCA for MTM 4767 for Linux x64 and is a graphical tool used for initializing and configuring CCA.\n\nThe fixed version can be obtained from the [CCA Software Download Page](<https://www.ibm.com/security/cryptocards/pciecc4/software> \"CCA Software Download Page\" ).\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-11T14:31:09", "type": "ibm", "title": "Security Bulletin: Crypto Hardware Initialization and Maintenance is vulnerable to arbitrary code execution due to Apache Log4j (CVE 2021-4104, CVE 2022-23302, CVE 2022-23305, CVE 2022-23307)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2022-23302", "CVE-2022-23303", "CVE-2022-23305", "CVE-2022-23307"], "modified": "2022-05-11T14:31:09", "id": "9DF953BC7DECA4AEB37E6E5B0033CA33D3284BD52F59162C055604134EA029E5", "href": "https://www.ibm.com/support/pages/node/6585004", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-06-24T06:07:59", "description": "## Summary\n\nApache Log4j (CVE-2022-23302, CVE-2022-23305, CVE-2022-23307) is a dependency component shipped with the IBM Netcool/OMNIbus Probe DSL Factory Framework. The latest patch upgraded to Apache Log4j 2.17.1 that remediates the security vulnerabilities.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-23302](<https://vulners.com/cve/CVE-2022-23302>) \n** DESCRIPTION: **Apache Log4j could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in JMSSink. By sending specially-crafted JNDI requests using TopicConnectionFactoryBindingName configuration, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217460](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217460>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-23305](<https://vulners.com/cve/CVE-2022-23305>) \n** DESCRIPTION: **Apache Log4j is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the JDBCAppender, which could allow the attacker to view, add, modify or delete information in the back-end database. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217461](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217461>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2022-23307](<https://vulners.com/cve/CVE-2022-23307>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in the in Apache Chainsaw component. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217462](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217462>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Tivoli Netcool/OMNIbus Integrations - Probe DSL Factory Framework| probe-dsl-framework-1_0 up to and including probe-dsl-framework-7_0 \n \n\n\n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now. **\n\nUpdated Product(s)| Version(s)| Remediation/Fix/Instructions \n---|---|--- \nIBM Tivoli Netcool/OMNIbus Integrations - Probe DSL Factory Framework| probe-dsl-framework-7_2| Refer to [release notice](<https://www.ibm.com/support/pages/node/727019> \"release notice\" ) for the part number of the new package and instructions for Apache Log4j upgrade \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-16T02:35:57", "type": "ibm", "title": "Security Bulletin: Due to use of Apache Log4j, IBM Netcool/OMNIbus Probe DSL Factory Framework is vulnerable to arbitrary code execution (CVE-2022-23302, CVE-2022-23307) and SQL injection (CVE-2022-23305)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23302", "CVE-2022-23305", "CVE-2022-23307"], "modified": "2022-03-16T02:35:57", "id": "014D42A4B1AF0BC556DD624E07D6BCF5E9F2F23FCE02471BB3F58278DF2FF765", "href": "https://www.ibm.com/support/pages/node/6563857", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-06-24T06:07:22", "description": "## Summary\n\nIBM App Connect Enterprise & IBM Integration Bus are vulnerable to arbitrary code execution due to Apache Log4j (CVE-2022-23307, CVE-2022-23302) and SQL injection due to Apache Log4j (CVE-2022-23305). This affects the logging infrastructure in IBM App Connect Enterprise and IBM Integration Bus. The fix includes Apache Log4j v2.17.1.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-23305](<https://vulners.com/cve/CVE-2022-23305>) \n** DESCRIPTION: **Apache Log4j is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the JDBCAppender, which could allow the attacker to view, add, modify or delete information in the back-end database. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217461](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217461>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2022-23307](<https://vulners.com/cve/CVE-2022-23307>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in the in Apache Chainsaw component. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217462](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217462>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-23302](<https://vulners.com/cve/CVE-2022-23302>) \n** DESCRIPTION: **Apache Log4j could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in JMSSink. By sending specially-crafted JNDI requests using TopicConnectionFactoryBindingName configuration, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217460](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217460>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM App Connect Enterprise | V12.0.1.0 to V12.0.3.0 \nIBM App Connect Enterprise| \n\nV11.0.0.0 to V11.0.0.15\n\nAlso affects IBM App Connect Enterprise Toolkit \n\nV11.0.0.0 to V11.0.0.16 \n \nIBM Integration Bus| V10.0.0.6 to V10.0.0.25 \n \n\n\n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now by the applying the appropriate fix to IBM Integration Bus/IBM App Connect Enterprise. **\n\n**In addition, apply the appropriate remediation to IBM Integration Bus Toolkit/IBM App Connect Enterprise Toolkit. \n**\n\n \nNote: This supersedes APARs IT39377 and IT39458\n\n**Product(s)**\n\n| \n\n** **\n\n**Version(s)**\n\n| **APAR**| \n\n**Remediation / Fix and Instructions \n** \n \n---|---|---|--- \nIBM App Connect Enterprise \n| V12.0.1.0 to V12.0.3.0| IT39515| \n\nInterim APAR fix for Windows is available from\n\n[12.0.3.0 IBM Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+App+Connect+Enterprise&release=12.0.3.0&platform=Windows+64-bit,+x86&function=aparId&apars=IT39515> \"\" )\n\n[12.0.2.0 IBM Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+App+Connect+Enterprise&release=12.0.2.0&platform=Windows+64-bit,+x86&function=aparId&apars=IT39515> \"\" )\n\n[12.0.1.0 IBM Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+App+Connect+Enterprise&release=12.0.1.0&platform=Windows+64-bit,+x86&function=aparId&apars=IT39515> \"12.0.1.0 IBM Fix Central\" )\n\nInterim APAR fix for the following platforms is available from [IBM Fix Central ](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+App+Connect+Enterprise&release=12.0.3.0&platform=All&function=aparId&apars=IT39515> \"\" )\n\n * Linux x86-64\n * AIX\n * Linux on System z\n * Linux on Power Little Endian \n \nIBM App Connect Enterprise \n| V11.0.0.0- V11.0.0.15| IT39515| \n\nInterim fix for APAR is available for v11.0.0.10-11.0.0.15 from\n\n[IBM Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+App+Connect+Enterprise&release=11.0.0.15&platform=All&function=aparId&apars=IT39515> \"IBM Fix Central\" ) \n \nIBM Integration Bus \n| V10.0.0.6 to V10.0.0.25| IT39515| \n\nInterim fix for APAR is available for 10.0.0.25 from\n\n[IBM Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/Integration+Bus&release=10.0.0.25&platform=All&function=aparId&apars=IT39515> \"IBM Fix Central\" ) \n \n**Remediation to the IBM Integration Toolkit V10 and IBM App Connect Enterprise Toolkit V11, V12**\n\nDelete the following file: \n$MQSI_FILEPATH/tools/plugins/org.apache.log4j_<version>.v<datestamp>.jar \n \nWhere version is a 3 digit log4j version number and <datestamp> is the build date of the plugin. \n\n * **For example**: org.apache.log4j_1.2.15.v201012070815.jar \n \nNote that after applying this remediation it is not possible to install new patterns in the pattern explorer or install new features / software using the eclipse \"Install Software or Update\" dialog boxes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-01T12:22:27", "type": "ibm", "title": "Security Bulletin: IBM App Connect Enterprise & IBM Integration Bus are vulnerable to arbitrary code execution due to Apache Log4j (CVE-2022-23307, CVE-2022-23302) and SQL injection due to Apache Log4j (CVE-2022-23305)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23302", "CVE-2022-23305", "CVE-2022-23307"], "modified": "2022-04-01T12:22:27", "id": "E648FE893730BFA7050949B16F8159E217D9122952837F128792CC653052A172", "href": "https://www.ibm.com/support/pages/node/6568731", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-06-24T06:04:13", "description": "## Summary\n\nApache Log4j is used by IBM Telco Network Cloud Manager - Performance for logging and is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44832,CVE-2022-23302 and CVE-2022-23305). The fix includes Apache Log4j v2.17.1. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-44832](<https://vulners.com/cve/CVE-2021-44832>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-23305](<https://vulners.com/cve/CVE-2022-23305>) \n** DESCRIPTION: **Apache Log4j is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the JDBCAppender, which could allow the attacker to view, add, modify or delete information in the back-end database. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217461](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217461>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2022-23302](<https://vulners.com/cve/CVE-2022-23302>) \n** DESCRIPTION: **Apache Log4j could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in JMSSink. By sending specially-crafted JNDI requests using TopicConnectionFactoryBindingName configuration, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217460](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217460>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Telco Network Cloud Manager - Performance (TNCP)| TNC-P 1.4 \nIBM Telco Network Cloud Manager - Performance (TNCP)| TNC-P 1.4.1 \nIBM Telco Network Cloud Manager - Performance (TNCP)| TNC-P 1.3 \nIBM Telco Network Cloud Manager - Performance (TNCP)| TNC-P 1.2 \n \n\n\n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now. This Security Bulletin is applicable to all IBM Telco Network Cloud Manager - Performance released versions.**\n\nFor IBM Telco Network Cloud Manager - Performance 1.4.1:\n\nPlease download fix from [http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FIBM+Telco+Network+Cloud+Manager+-+Performance&fixids=1.4.1.TIV-TNCP-IF002&source=SAR](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FIBM+Telco+Network+Cloud+Manager+-+Performance&fixids=1.4.1.TIV-TNCP-IF002&source=SAR>)\n\nFor more information about applying the fix, go to IBM Documentation : <https://www.ibm.com/docs/en/tncm-p/1.4.1?topic=configuring-installing>\n\nFor IBM Telco Network Cloud Manager - Performance 1.4 , 1.3 and 1.2: \n\nIf you have one of the listed affected versions, it is strongly recommended that you apply the most recent security update to UI service:\n\nApply the following updated UI service image by navigating into tncp product namespace -> statefulset -> ui\n\n * **If the product is deployed on Openshift env then use following image => **cp.icr.io/cp/tncp/basecamp-ui:2.4.1.0-166-d77181da@sha256:910ecb867298b343184bcc129c847695c4db3e8196241d52af2ba6c034d012e0\n * **If the product is deployed on Kubernetes environment then use following image :** docker.io/persistentsystems/basecamp-ui:2.4.1.0-166-d77181da@sha256:910ecb867298b343184bcc129c847695c4db3e8196241d52af2ba6c034d012e0\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-02T03:33:47", "type": "ibm", "title": "Security Bulletin: IBM Telco Network Cloud Manager - Performance is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44832,CVE-2022-23302 and CVE-2022-23305)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44832", "CVE-2022-23302", "CVE-2022-23305"], "modified": "2022-06-02T03:33:47", "id": "5BB3B8EF53C6357C441C8592F64A284C30E9C1D6F5379087C40684A770A870AA", "href": "https://www.ibm.com/support/pages/node/6591351", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-06-24T06:05:24", "description": "## Summary\n\nIBM C\u00faram Social Program Management (SPM) uses the Apache Log4j library for SPM logging infrastructure. There are publicly known vulnerabilities for Apache Log4j (CVE-2022-23302, CVE-2022-23305, CVE-2022-23307) which could allow a remote attacker to execute arbitrary code on the system, or send specially-crafted SQL statements. This IBM owned log4j-ibm-1.2.17.2.jar file is based on materials taken from Apache Log4j 1.2.17.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-23302](<https://vulners.com/cve/CVE-2022-23302>) \n** DESCRIPTION: **Apache Log4j could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in JMSSink. By sending specially-crafted JNDI requests using TopicConnectionFactoryBindingName configuration, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217460](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217460>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-23305](<https://vulners.com/cve/CVE-2022-23305>) \n** DESCRIPTION: **Apache Log4j is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the JDBCAppender, which could allow the attacker to view, add, modify or delete information in the back-end database. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217461](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217461>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2022-23307](<https://vulners.com/cve/CVE-2022-23307>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in the in Apache Chainsaw component. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217462](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217462>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nC\u00faram SPM| 7.0.11 \n \n## Remediation/Fixes\n\n**IBM strongly recommends addressing these vulnerabilities now by upgrading.**\n\n**_Product_**| **_VRMF_**| **_Remediation_** \n---|---|--- \nC\u00faram SPM| \n\n7.0.11\n\n| \n\nVisit IBM Fix Central and upgrade to [7.0.11_iFix7](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Smarter%20Cities&product=ibm/Other+software/Curam+Social+Program+Management&release=7.0.11.0_RP&platform=All&function=all> \"7.0.11_iFix7\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-09T11:57:13", "type": "ibm", "title": "Security Bulletin: C\u00faram Social Program Management is vulnerable to arbitrary code execution and SQL injection issues due to Apache Log4j (CVE-2022-23302, CVE-2022-23305, CVE-2022-23307)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23302", "CVE-2022-23305", "CVE-2022-23307"], "modified": "2022-05-09T11:57:13", "id": "CEBCA68E903EDA603D607844229DFCF4454411F02836A215BCE53BF108AD589B", "href": "https://www.ibm.com/support/pages/node/6584095", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-06-24T06:04:08", "description": "## Summary\n\nIBM Netezza Analytics uses Log4j version 1.x. IBM Netezza Analytics has addressed the aplicable CVEs\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-23302](<https://vulners.com/cve/CVE-2022-23302>) \n** DESCRIPTION: **Apache Log4j could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in JMSSink. By sending specially-crafted JNDI requests using TopicConnectionFactoryBindingName configuration, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217460](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217460>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-17571](<https://vulners.com/cve/CVE-2019-17571>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization of untrusted data in SocketServer. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/173314](<https://exchange.xforce.ibmcloud.com/vulnerabilities/173314>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-23305](<https://vulners.com/cve/CVE-2022-23305>) \n** DESCRIPTION: **Apache Log4j is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the JDBCAppender, which could allow the attacker to view, add, modify or delete information in the back-end database. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217461](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217461>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-23307](<https://vulners.com/cve/CVE-2022-23307>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in the in Apache Chainsaw component. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217462](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217462>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-21704](<https://vulners.com/cve/CVE-2022-21704>) \n** DESCRIPTION: **log4js-node module for Node.js could allow a local authenticated attacker to obtain sensitive information, caused by an issue with the default file permissions for log files created by the file, fileSync and dateFile appenders are world-readable. By gaining access to the log files, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217832](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217832>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Netezza Analytics| All versions <= 3.3.10 \n \n## Remediation/Fixes\n\nProduct| VRMF| Remediation/First Fix \n---|---|--- \n \nIBM Netezza Analytics\n\n| 3.4.0| [Link to Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FInformation+Management%2FNetezza+Applications&release=ANALYTICS_3.4&platform=All&function=fixId&fixids=3.4.0.0-IM-Netezza-ANALYTICS-fp11044> \"Link to Fix Central\" ) \n \nNote: IBM Netezza Analytics addresses above CVEs by removing log4j from IBM Netezza Analytics.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-03T14:32:29", "type": "ibm", "title": "Security Bulletin: Log4j vulnerabilities affect IBM Netezza Analytics", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-17571", "CVE-2021-4104", "CVE-2022-21704", "CVE-2022-23302", "CVE-2022-23305", "CVE-2022-23307"], "modified": "2022-06-03T14:32:29", "id": "37E104987DDBCB98288C981D0121D7E0E9C8345C5AF2BCE774DAAE155427E747", "href": "https://www.ibm.com/support/pages/node/6554466", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-04-14T23:40:47", "description": "## Abstract\n\nIBM Sterling B2B Integrator and Sterling Filegateway NOT Affected by CVE-2021-4104, CVE-2021- 44832, CVE-2019-17571, CVE-2022-23307, CVE-2022-23305,CVE-2022-23302 and CVE-2020-9488 Exploit. \nSecurity Bulletin\n\n## Content\n\n**Summary**\n\nIBM Sterling B2B Integrator and Sterling Filegateway Products are NOT Affected by CVE-2021-4104, CVE-2021- 44832, CVE-2019-17571, CVE-2022-23307, CVE-2022-23305,CVE-2022-23302 and CVE-2020-9488 Exploit\n\n**Vulnerability Details**\n\nAfter conducting extensive research product code base, it is determined that none of the products outlined below are vulnerable to CVE-2021-4104, CVE-2021- 44832, CVE-2019-17571, CVE-2022-23307, CVE-2022-23305, CVE-2022-23302 and CVE-2020-9488.\n\n * IBM Sterling B2B Integrator\n * IBM Sterling Filegateway\n\n**Updated Wednesday, January 6, 2022**\n\nRefer to the IBM Sterling B2B Integrator and IBM Sterling Filegateway security bulletins for **additional information**:\n\n<https://www.ibm.com/support/pages/node/6527248>\n\n<https://www.ibm.com/support/pages/node/6537664>\n\n \n**Get Notified about Future Security Bulletins**\n\nSubscribe to [My Notifications](<http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n**References**\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\n**Related Information**\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n**Disclaimer**\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n[{\"Type\":\"MASTER\",\"Line of Business\":{\"code\":\"LOB02\",\"label\":\"AI Applications\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SS3JSW\",\"label\":\"IBM Sterling B2B Integrator\"},\"ARM Category\":[{\"code\":\"a8m50000000Cjy9AAC\",\"label\":\"Security-\\u003ESecurity Vulnerability\"}],\"ARM Case Number\":\"\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"All Versions\"}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-03T20:50:59", "type": "ibm", "title": "IBM Sterling B2B Integrator and Sterling Filegateway NOT Affected by CVE-2021-4104, CVE-2021- 44832, CVE-2019-17571, CVE-2022-23307, CVE-2022-23305, CVE-2022-23302 and CVE-2020-9488 Exploit", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-17571", "CVE-2020-9488", "CVE-2021-4104", "CVE-2022-23302", "CVE-2022-23305", "CVE-2022-23307"], "modified": "2022-03-03T20:50:59", "id": "A150C2E017839DE1F5CBC686332D12515358F881E715C75E1B2D5509C5D5362A", "href": "https://www.ibm.com/support/pages/node/6538948", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-06-24T05:58:04", "description": "## Summary\n\nThe following security issues have been identified in the log4j-1.2.16.jar included as part of the IBM Operations Analytics - Log Analysis product.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-9493](<https://vulners.com/cve/CVE-2020-9493>) \n** DESCRIPTION: **Apache Chainsaw could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw when reading the log events. By sending specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203829](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203829>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-23305](<https://vulners.com/cve/CVE-2022-23305>) \n** DESCRIPTION: **Apache Log4j is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the JDBCAppender, which could allow the attacker to view, add, modify or delete information in the back-end database. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217461](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217461>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2022-23302](<https://vulners.com/cve/CVE-2022-23302>) \n** DESCRIPTION: **Apache Log4j could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in JMSSink. By sending specially-crafted JNDI requests using TopicConnectionFactoryBindingName configuration, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217460](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217460>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-9488](<https://vulners.com/cve/CVE-2020-9488>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a man-in-the-middle attack, caused by improper certificate validation with host mismatch in the SMTP appender. An attacker could exploit this vulnerability to launch a man-in-the-middle attack and gain access to the communication channel between endpoints to obtain sensitive information or further compromise the system. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/180824](<https://exchange.xforce.ibmcloud.com/vulnerabilities/180824>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2022-23307](<https://vulners.com/cve/CVE-2022-23307>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in the in Apache Chainsaw component. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217462](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217462>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-17571](<https://vulners.com/cve/CVE-2019-17571>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization of untrusted data in SocketServer. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/173314](<https://exchange.xforce.ibmcloud.com/vulnerabilities/173314>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nLog Analysis| 1.3.x \n \n## Remediation/Fixes\n\nVersion| Fix details \n---|--- \nIBM Operations Analytics - Log Analysis version 1.3.x| Upgrade to Log Analysis version 1.3.7 Fix Pack 2 \nDownload the [1.3.7-TIV-IOALA-FP2](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Operations%20Analytics&product=ibm/Tivoli/IBM+SmartCloud+Analytics+-+Log+Analysis&release=1.3.7&platform=All&function=fixId&fixids=1.3.7-TIV-IOALA-FP2_signed&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"1.3.7-TIV-IOALA-FP2\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-19T06:36:49", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in log4j-1.2.16.jar used by IBM Operations Analytics - Log Analysis", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-17571", "CVE-2020-9488", "CVE-2020-9493", "CVE-2021-4104", "CVE-2022-23302", "CVE-2022-23305", "CVE-2022-23307"], "modified": "2022-09-19T06:36:49", "id": "E46E249A2A7ED001BEF59F483830A2690EC2B94A16D5E8A1028E94B1AA23DA4C", "href": "https://www.ibm.com/support/pages/node/6606605", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-06-24T06:03:18", "description": "## Summary\n\nApache Log4j is used by IBM Spectrum LSF Suite and IBM Platform Process Manager as part of its logging infrastructure. These vulnerabilities can be addressed by executing steps detailed in the Workaround section. These issues will be addressed in the next fix patch release 10.2.0.13 by end of July 2022.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-9488](<https://vulners.com/cve/CVE-2020-9488>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a man-in-the-middle attack, caused by improper certificate validation with host mismatch in the SMTP appender. An attacker could exploit this vulnerability to launch a man-in-the-middle attack and gain access to the communication channel between endpoints to obtain sensitive information or further compromise the system. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/180824](<https://exchange.xforce.ibmcloud.com/vulnerabilities/180824>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2022-23302](<https://vulners.com/cve/CVE-2022-23302>) \n** DESCRIPTION: **Apache Log4j could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in JMSSink. By sending specially-crafted JNDI requests using TopicConnectionFactoryBindingName configuration, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217460](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217460>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-23307](<https://vulners.com/cve/CVE-2022-23307>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in the in Apache Chainsaw component. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217462](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217462>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-17571](<https://vulners.com/cve/CVE-2019-17571>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization of untrusted data in SocketServer. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/173314](<https://exchange.xforce.ibmcloud.com/vulnerabilities/173314>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-9493](<https://vulners.com/cve/CVE-2020-9493>) \n** DESCRIPTION: **Apache Chainsaw could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw when reading the log events. By sending specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203829](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203829>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-23305](<https://vulners.com/cve/CVE-2022-23305>) \n** DESCRIPTION: **Apache Log4j is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the JDBCAppender, which could allow the attacker to view, add, modify or delete information in the back-end database. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217461](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217461>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Spectrum LSF Suite| 10.2.0.6, 10.2.0.7, 10.2.0.8, 10.2.0.9, 10.2.0.10, 10.2.0.11, 10.2.0.12 \nIBM Platform Process Manager| 10.2.0.6, 10.2.0.7, 10.2.0.8, 10.2.0.9, 10.2.0.10, 10.2.0.11, 10.2.0.12 \n \n\n\n## Remediation/Fixes\n\nFix Pack will be released once available. 10.2.0.13 will be available by Q2\n\n## Workarounds and Mitigations\n\nProduct | \n\nVRMF\n\n| \n\nAPAR\n\n| \n\nRemediation/First Fix \n \n---|---|---|--- \n \nIBM Spectrum LSF Suite\n\nIBM Platform Process Manager\n\n| \n\n10.2.0.6\n\n10.2.0.7\n\n10.2.0.8\n\n10.2.0.9\n\n10.2.0.10\n\n10.2.0.11\n\n10.2.0.12\n\n| \n\nNone\n\n| \n\nExecuting these steps will remove the vulnerbilities in log4j:\n\nRemove the JMSAppender.class, SMTPAppender.class, SMTPAppender$1.class, JMSSink.class, SocketServer.class, SimpleSocketServer.class and JDBCAppender.class from log4j-*.jar file\n\n1). find $JS_HOME -name \"log4j-*.jar\" -exec zip -q -d {} org/apache/log4j/net/JMSAppender.class \\;\n\nfind $JS_HOME -name \"log4j-*.jar\" -exec zip -q -d {} org/apache/log4j/net/SMTPAppender.class \\;\n\nfind $JS_HOME -name \"log4j-*.jar\" -exec zip -q -d {} org/apache/log4j/net/SMTPAppender\\$1.class \\;\n\nfind $JS_HOME -name \"log4j-*.jar\" -exec zip -q -d {} org/apache/log4j/net/JMSSink.class \\;\n\nfind $JS_HOME -name \"log4j-*.jar\" -exec zip -q -d {} org/apache/log4j/net/SocketServer.class \\;\n\nfind $JS_HOME -name \"log4j-*.jar\" -exec zip -q -d {} org/apache/log4j/net/SimpleSocketServer.class \\;\n\nfind $JS_HOME -name \"log4j-*.jar\" -exec zip -q -d {} org/apache/log4j/jdbc/JDBCAppender.class \\;\n\n2). reboot service\n\njadmin stop\n\njadmin start \n \n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-22T22:12:35", "type": "ibm", "title": "Security Bulletin: IBM Spectrum LSF Suite and IBM Platform Process Manager are vulnerable to arbitrary code execution and denial of service due to Apache Log4j (CVE-2021-4104, CVE-2020-9488, CVE-2022-23302, CVE-2022-23307, CVE-2022-23305)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-17571", "CVE-2020-9488", "CVE-2020-9493", "CVE-2021-4104", "CVE-2022-23302", "CVE-2022-23305", "CVE-2022-23307"], "modified": "2022-06-22T22:12:35", "id": "73DEE30800CCC9325D5F1586487B2795A5B59E4F564CA3DF38C3A192975E9546", "href": "https://www.ibm.com/support/pages/node/6597675", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-06-24T05:54:26", "description": "## Summary\n\nApache Log4j is used by IBM Sterling Order Management as part of its logging utility and we strongly recommend upgrading to the latest supported version of log4j that was released as part of the latest FixPack.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-9488](<https://vulners.com/cve/CVE-2020-9488>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a man-in-the-middle attack, caused by improper certificate validation with host mismatch in the SMTP appender. An attacker could exploit this vulnerability to launch a man-in-the-middle attack and gain access to the communication channel between endpoints to obtain sensitive information or further compromise the system. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/180824](<https://exchange.xforce.ibmcloud.com/vulnerabilities/180824>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-9493](<https://vulners.com/cve/CVE-2020-9493>) \n** DESCRIPTION: **Apache Chainsaw could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw when reading the log events. By sending specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203829](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203829>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-17571](<https://vulners.com/cve/CVE-2019-17571>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization of untrusted data in SocketServer. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/173314](<https://exchange.xforce.ibmcloud.com/vulnerabilities/173314>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-23302](<https://vulners.com/cve/CVE-2022-23302>) \n** DESCRIPTION: **Apache Log4j could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in JMSSink. By sending specially-crafted JNDI requests using TopicConnectionFactoryBindingName configuration, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217460](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217460>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-23305](<https://vulners.com/cve/CVE-2022-23305>) \n** DESCRIPTION: **Apache Log4j is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the JDBCAppender, which could allow the attacker to view, add, modify or delete information in the back-end database. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217461](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217461>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-23307](<https://vulners.com/cve/CVE-2022-23307>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in the in Apache Chainsaw component. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217462](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217462>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Sterling Order Management| 10.0 \nIBM Sterling Order Management| 9.5.x \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by upgrading to the latest fixpack that has the upgraded version of log4j. Please note the fixpack only applies to IBM Sterling Order Management version 10 and if you are running IBM Sterling Order Management version 9.5 a product upgrade must be completed first. IBM Sterling Order Management version 9.5 reached end of support April 30, 2022.\n\nOrder Management installing Fix Pack 30 - <https://www.ibm.com/docs/en/order-management-sw/10.0?topic=software-fixes-by-fix-pack-version#fp30>\n\nFix Pack 30 download location - [https://www.ibm.com/support/fixcentral/swg/selectFixes?fixids=10.0.0.0-Sterling-SSFF-All-fp30-Installer&product=ibm%2FOther%20software%2FSterling%20Selling%20and%20Fulfillment%20Foundation&source=dbluesearch&mhsrc=ibmsearch_a&mhq=10.0.0.0-Sterling-SSFF-All-fp30-Installer%20&function=fixId&parent=ibm/Other%20software](<https://www.ibm.com/support/fixcentral/swg/selectFixes?fixids=10.0.0.0-Sterling-SSFF-All-fp30-Installer&product=ibm%2FOther%20software%2FSterling%20Selling%20and%20Fulfillment%20Foundation&source=dbluesearch&mhsrc=ibmsearch_a&mhq=10.0.0.0-Sterling-SSFF-All-fp30-Installer%20&function=fixId&parent=ibm/Other%20software>)\n\nmigrating to log4j2 - <https://www.ibm.com/docs/en/order-management-sw/10.0?topic=software-migrating-log4j2>\n\ncustomizing log4j2 - <https://www.ibm.com/docs/en/order-management-sw/10.0?topic=software-customizing-log4j2>\n\nRolling back log4j1 - <https://www.ibm.com/docs/en/order-management-sw/10.0?topic=log4j2-rolling-back-log4j1x>\n\n## Workarounds and Mitigations\n\nIBM strongly recommends addressing the vulnerability now by executing above steps in product version 10.0. Version 9.5 reached end of support as of April 30, 2022. If you need further clarifications regarding 9.5 end of support, log4j and version 9.5 please contact IBM support.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-20T18:18:17", "type": "ibm", "title": "Security Bulletin: IBM Sterling Order Management migration strategy to Apache Log4j vulnerability (see CVEs below)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-17571", "CVE-2020-9488", "CVE-2020-9493", "CVE-2021-4104", "CVE-2022-23302", "CVE-2022-23305", "CVE-2022-23307"], "modified": "2022-10-20T18:18:17", "id": "906B64791AA71F432F14BB58CCAEE6A9622AD741C3E459C5C2594F4C546B7BA9", "href": "https://www.ibm.com/support/pages/node/6830971", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-06-24T05:54:43", "description": "## Summary\n\nApache Log4j 1.x vulnerabilities may impact IBM InfoSphere Information Server which uses Apache Log4j for logging.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-23302](<https://vulners.com/cve/CVE-2022-23302>) \n** DESCRIPTION: **Apache Log4j could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in JMSSink. By sending specially-crafted JNDI requests using TopicConnectionFactoryBindingName configuration, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217460](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217460>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-9488](<https://vulners.com/cve/CVE-2020-9488>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a man-in-the-middle attack, caused by improper certificate validation with host mismatch in the SMTP appender. An attacker could exploit this vulnerability to launch a man-in-the-middle attack and gain access to the communication channel between endpoints to obtain sensitive information or further compromise the system. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/180824](<https://exchange.xforce.ibmcloud.com/vulnerabilities/180824>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2022-23307](<https://vulners.com/cve/CVE-2022-23307>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in the in Apache Chainsaw component. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217462](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217462>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-17571](<https://vulners.com/cve/CVE-2019-17571>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization of untrusted data in SocketServer. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/173314](<https://exchange.xforce.ibmcloud.com/vulnerabilities/173314>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-9493](<https://vulners.com/cve/CVE-2020-9493>) \n** DESCRIPTION: **Apache Chainsaw could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw when reading the log events. By sending specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203829](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203829>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-23305](<https://vulners.com/cve/CVE-2022-23305>) \n** DESCRIPTION: **Apache Log4j is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the JDBCAppender, which could allow the attacker to view, add, modify or delete information in the back-end database. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217461](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217461>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nInfoSphere Information Server| 11.7 \n \n\n\n## Remediation/Fixes\n\n_Product_| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \nInfoSphere Information Server, Information Server on Cloud| 11.7| [DT144440](<https://www.ibm.com/mysupport/aCI3p000000XjEi> \"DT144440\" ) \n| \\--Apply InfoSphere Information Server version [11.7.1.0](<https://www.ibm.com/support/docview.wss?uid=ibm10878310> \"11.7.1.0\" ) \n\\--Apply InfoSphere Information Server version [11.7.1.4](<https://www.ibm.com/support/pages/node/6620275> \"11.7.1.4\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-14T22:13:39", "type": "ibm", "title": "Security Bulletin: IBM InfoSphere Information Server may be affected by vulnerabilities in Apache log4j 1.x version", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-17571", "CVE-2020-9488", "CVE-2020-9493", "CVE-2021-4104", "CVE-2022-23302", "CVE-2022-23305", "CVE-2022-23307"], "modified": "2022-10-14T22:13:39", "id": "E6EE20198BD4C32711820E67FB3A052C1C4BCF0D11A5A4BBA683215A3FA5825E", "href": "https://www.ibm.com/support/pages/node/6829357", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-07-25T05:38:40", "description": "## Summary\n\nMultiple vulnerabilities exist in the Apache Log4j open source library used by IBM Security Access Manager for Enterprise Single Sign-On. These vulnerabilities have been addressed. Customers are encouraged to immediately update their systems.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-23307](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217462>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in the in Apache Chainsaw component. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217462](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217462>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2023-26464](<https://exchange.xforce.ibmcloud.com/vulnerabilities/249785>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by a flaw when using the Chainsaw or SocketAppender components. By sending a specially crafted hashmap or hashtable, a remote attacker could exploit this vulnerability to exhaust available memory in the virtual machine, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/249785](<https://exchange.xforce.ibmcloud.com/vulnerabilities/249785>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-23302](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217460>) \n** DESCRIPTION: **Apache Log4j could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in JMSSink. By sending specially-crafted JNDI requests using TopicConnectionFactoryBindingName configuration, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217460](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217460>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-9493](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203829>) \n** DESCRIPTION: **Apache Chainsaw could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw when reading the log events. By sending specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203829](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203829>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-9488](<https://exchange.xforce.ibmcloud.com/vulnerabilities/180824>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a man-in-the-middle attack, caused by improper certificate validation with host mismatch in the SMTP appender. An attacker could exploit this vulnerability to launch a man-in-the-middle attack and gain access to the communication channel between endpoints to obtain sensitive information or further compromise the system. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/180824](<https://exchange.xforce.ibmcloud.com/vulnerabilities/180824>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2019-17571](<https://exchange.xforce.ibmcloud.com/vulnerabilities/173314>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization of untrusted data in SocketServer. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/173314](<https://exchange.xforce.ibmcloud.com/vulnerabilities/173314>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-23305](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217461>) \n** DESCRIPTION: **Apache Log4j is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the JDBCAppender, which could allow the attacker to view, add, modify or delete information in the back-end database. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217461](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217461>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2021-4104](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Security Access Manager for Enterprise Single-Sign On| 8.2.2 \n \n## Remediation/Fixes\n\nIBM encourages customers to update their systems promptly by applying Fix Pack 15 on IBM Security Access Manager for Enterprise Single-Sign On version 8.2.2 as per the details available [here](<https://www.ibm.com/support/pages/node/7009621> \"here\" ).\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-07-25T04:26:28", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Apache Log4j affects IBM Security Access Manager for Enterprise Single Sign-On", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-17571", "CVE-2020-9488", "CVE-2020-9493", "CVE-2021-4104", "CVE-2022-23302", "CVE-2022-23305", "CVE-2022-23307", "CVE-2023-26464"], "modified": "2023-07-25T04:26:28", "id": "873E4E7D31B3D0678D775F72B794EC936D165E1CF0679FF3C31754D430863C36", "href": "https://www.ibm.com/support/pages/node/7014395", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-06-24T06:04:09", "description": "## Summary\n\nIBM Netezza Analytics for NPS uses Log4j version 1.x. IBM Netezza Analytics for NPS has addressed the aplicable CVEs\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-23302](<https://vulners.com/cve/CVE-2022-23302>) \n** DESCRIPTION: **Apache Log4j could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in JMSSink. By sending specially-crafted JNDI requests using TopicConnectionFactoryBindingName configuration, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217460](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217460>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-23305](<https://vulners.com/cve/CVE-2022-23305>) \n** DESCRIPTION: **Apache Log4j is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the JDBCAppender, which could allow the attacker to view, add, modify or delete information in the back-end database. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217461](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217461>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2022-21704](<https://vulners.com/cve/CVE-2022-21704>) \n** DESCRIPTION: **log4js-node module for Node.js could allow a local authenticated attacker to obtain sensitive information, caused by an issue with the default file permissions for log files created by the file, fileSync and dateFile appenders are world-readable. By gaining access to the log files, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217832](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217832>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2022-23307](<https://vulners.com/cve/CVE-2022-23307>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in the in Apache Chainsaw component. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217462](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217462>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-17571](<https://vulners.com/cve/CVE-2019-17571>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization of untrusted data in SocketServer. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/173314](<https://exchange.xforce.ibmcloud.com/vulnerabilities/173314>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Netezza Analytics for NPS| All versions <= 11.2.23 \n \n## Remediation/Fixes\n\nProduct| VRMF| Remediation/First Fix \n---|---|--- \n \nIBM Netezza Analytics for NPS\n\n| 11.2.24| [Link to Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FWebSphere%2FIBM+Cloud+Private+for+Data+System&release=INZA_11.2&platform=All&function=fixId&fixids=11.2.24-WS-ICPDS-INZA-fp10905> \"Link to Fix Central\" ) \n \nNote: IBM Netezza Analytics for NPS addresses above CVEs by removing log4j from IBM Netezza Analytics for NPS.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-03T14:32:29", "type": "ibm", "title": "Security Bulletin: Log4j vulnerabilities affect IBM Netezza Analytics for NPS", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-17571", "CVE-2022-21704", "CVE-2022-23302", "CVE-2022-23305", "CVE-2022-23307"], "modified": "2022-06-03T14:32:29", "id": "B97713A9D1C3353360B57D1AD1EC137AB7A100FBE009625EB3FD31558B3B3304", "href": "https://www.ibm.com/support/pages/node/6551856", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-06-03T01:45:48", "description": "## Summary\n\nA security vulnerability in log4j v1.2 affects IBM Cloud Automation Manager.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud Automation Manager| 4.2.0.1 \n \n\n\n## Remediation/Fixes\n\nDownload IBM Cloud Automation Manager 4.2.0.1 iFix 6 from [https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/WebSphere/IBM+Cloud+Private&release=All&platform=All&function=fixId&fixids=icp-cam-3.2.1-build601049&includeSupersedes=0](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/WebSphere/IBM+Cloud+Private&release=All&platform=All&function=fixId&fixids=icp-cam-3.2.1-build601049&includeSupersedes=0>)\n\nFollow the instructions in Readme link in [https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/WebSphere/IBM+Cloud+Private&release=All&platform=All&function=fixId&fixids=icp-cam-3.2.1-build601049&includeSupersedes=0](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/WebSphere/IBM+Cloud+Private&release=All&platform=All&function=fixId&fixids=icp-cam-3.2.1-build601049&includeSupersedes=0>) to install the iFix 6 to your IBM Cloud Automation Manager 4.2.0.1.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-16T16:05:10", "type": "ibm", "title": "Security Bulletin: A security vulnerability in log4j v1.2 affects IBM Cloud Automation Manager", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-03-16T16:05:10", "id": "9D535841DFB625485F828C1AD532A5F722DFDE1766DF97C23C9B7A1E20BF46B4", "href": "https://www.ibm.com/support/pages/node/6564027", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:40:06", "description": "## Summary\n\nIBM B2B Advanced Communications has addressed vulnerabilities in Apache Log4j shipped with product.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM B2B Advanced Communications| 1.0.0.x \nIBM Multi-Enterprise Integration Gateway| 1.0.0.1 \n \n\n\n## Remediation/Fixes\n\n**Product \n** | \n\n**Version**\n\n| \n\n**Remediation** \n \n---|---|--- \n \nIBM B2B Advanced Communications\n\n| \n\n1.0.0.x\n\n| Apply fix pack [1.0.0.8](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%20software&product=ibm/Other+software/Multi-Enterprise+Integration+Gateway&release=1.0.0.7&platform=All&function=fixId&fixids=IBM_B2B_Advanced_Communications_V1.0.0.8_FixPack_Media&includeSupersedes=0> \"1.0.0.8\" ) \nIBM Multi-Enterprise Integration Gateway| \n\n1.0.0.1\n\n| Apply fix pack [1.0.0.8 ](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%20software&product=ibm/Other+software/Multi-Enterprise+Integration+Gateway&release=1.0.0.7&platform=All&function=fixId&fixids=IBM_B2B_Advanced_Communications_V1.0.0.8_FixPack_Media&includeSupersedes=0> \"1.0.0.8\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-02-15T15:28:38", "type": "ibm", "title": "Security Bulletin: IBM B2B Advanced Communications is vulnerable to remote code execution due to Apache Log4j (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2023-02-15T15:28:38", "id": "24788EE0E98DD110216E44ED965A5D9F543670037D32B049BA08AB2FCE99954B", "href": "https://www.ibm.com/support/pages/node/6955863", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:50:33", "description": "## Summary\n\nIBM Sterling Secure Proxy is vulnerable to arbitrary code execution due to Apache Log4j, which is used for logging (CVE-2021-4104). The fix includes Apache Log4j 2.17.2.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Sterling Secure Proxy| 3.4.3.2 \nIBM Sterling Secure Proxy| 6.0.3 \n \n\n\n## Remediation/Fixes\n\n**Product**| **VRMF**| **iFix**| **Remediation** \n---|---|---|--- \nIBM Sterling Secure Proxy| 6.0.3| iFix 04| [Fix Central - 6030](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Secure+Proxy&release=6.0.3.0&platform=All&function=all> \"Fix Central - 6030\" ) \nIBM Sterling Secure Proxy| 3.4.3.2| iFix 16| [Fix Central - 3432](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Secure+Proxy&release=3.4.3.2&platform=All&function=all> \"Fix Central - 3432\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-29T17:27:52", "type": "ibm", "title": "Security Bulletin: IBM Secure Proxy is vulnerable to remote code execution due to Apache Log4j (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-07-29T17:27:52", "id": "8387CADEEB9AD0E38758303B1E6B37B37C256D2B869802656DF93547861A6E7D", "href": "https://www.ibm.com/support/pages/node/6608552", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:51:13", "description": "## Summary\n\nApache Log4j is used by IBM Cloud Pak for Multicloud Management Monitoring as part of its logging infrastructure. Apache Log4j v1.2 has been removed and replaced by Log4j v2.17.1. Components that use Apache Log4j v1.2 are not exposed outside the cluster and are not configured to use the vulnerable Log4j v1 classes. Furthermore, it will take extraordinary measures by a malicious insider to attempt to reconfigure the components to be vulnerable. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud Pak for Multicloud Management Monitoring| 2.0 - 2.3 Fix Pack 4 \n \n\n\n## Remediation/Fixes\n\nTo address the vulnerability, IBM strongly recommends you to upgrade IBM Cloud Pak for Multicloud Management to 2.3 Fix Pack 5. For upgrading instructions, see <https://www.ibm.com/docs/en/cloud-paks/cp-management/2.3.x?topic=installation-upgrade.>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-13T12:07:09", "type": "ibm", "title": "Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring is potentially vulnerable to execution of arbitrary code due to its use of Apache Log4j (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-07-13T12:07:09", "id": "79F27EA8D0C27492E095D11A78FA60F4F4AF9FD3E6253C90F069133418B26369", "href": "https://www.ibm.com/support/pages/node/6603367", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:58:06", "description": "## Summary\n\nApache Log4j open source library used by \"Internet Service Monitoring Agent\" (ISM Agent) is affected by a vulnerability that could allow a remote attacker to execute arbitrary code on the system. ISM Agent has addressed the applicable CVE. As a part of solution log4j has been upgraded to version 2.17.0.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud Application Performance Monitoring Base Extension| All \n \n\n\n## Remediation/Fixes\n\nProduct| Agent Version| Remediation / First Fix \n---|---|--- \nIBM Cloud Application Performance Monitoring Base Extension| 08.22.01.00| [Readme](<https://www.ibm.com/support/pages/node/6537764> \"Readme\" )\n\n[Fix Central - 8.1.4.0-IBM-APM-ISM-AGENT-IF0001 ](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FIBM+Application+Performance+Management+Advanced&fixids=8.1.4.0-IBM-APM-ISM-AGENT-IF0001&source=SAR> \"Fix Central - 8.1.4.0-IBM-APM-ISM-AGENT-IF0001\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-14T12:39:15", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Log4j affects some features of Internet Service Monitoring Agent for IBM Application Performance Management(CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-01-14T12:39:15", "id": "557FEAA9FD49A623B36AA794CBD78D1D6EA826F1C2AEA89A3A506E39C9747F0D", "href": "https://www.ibm.com/support/pages/node/6540924", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:59:01", "description": "## Summary\n\nA vulnerability was identified within the Apache Log4j library that is used by IBM Tivoli Netcool Impact to provide logging functionality. This vulnerability has been addressed.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Tivoli Netcool Impact| 7.1.0 \n \n\n\n## Remediation/Fixes\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \nIBM Tivoli Netcool Impact 7.1.0| _7.1.0.1 ~ 7.1.0.17 \n_| _IJ21951_| **For V7.1.0.1 through 7.1.0.17:** \nApply Fix Pack [7.1.0.18](<https://www.ibm.com/support/pages/ibm-tivoli-netcoolimpact-v710-fix-pack-18-710-tiv-nci-fp0018> \"7.1.0.18\" ) or later. \n \nAfter applying the Fix Pack, IBM strongly recommends also applying Interim Fix [7.1.0-TIV-NCI-IF0009.](<https://www.ibm.com/support/pages/node/6526090> \"7.1.0-TIV-NCI-IF0009\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-22T15:17:36", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Log4j affects IBM Tivoli Netcool Impact (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2021-12-22T15:17:36", "id": "764D43B19DB882B179B2481514054E45C07FF586B99F1C4000C1226C3914117B", "href": "https://www.ibm.com/support/pages/node/6536708", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:45:24", "description": "## Summary\n\nThe fix removes Apache log4j v1\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nISIM| 6.0.2 \n \n\n\n## Remediation/Fixes\n\n** IBM strongly recommends addressing the vulnerability now.**\n\n**Product(s)**| **Version(s) \n**| **Remediation/Fix/Instructions** \n---|---|--- \nIBM Security Identity Manager| 6.0.2| [6.0.2-ISS-SIM-FP0005](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Tivoli/Tivoli+Identity+Manager&release=6.0.2.4&platform=All&function=fixId&fixids=6.0.2-ISS-SIM-FP0005&includeRequisites=1&includeSupersedes=0&downloadMethod=http&login=true> \"6.0.2-ISS-SIM-FP0005\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-21T16:34:43", "type": "ibm", "title": "Security Bulletin: IBM Security Identity Manager is affected by log4j vulnerability. (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-10-21T16:34:43", "id": "8D902B719598684128A34639AA16F1EDF6856E69A3A9FD47AE77E5043BF92C99", "href": "https://www.ibm.com/support/pages/node/6831267", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:55:58", "description": "## Summary\n\nThere is a vulnerability in the Apache Log4j open source library which is used by IBM Analytical Decision Management for logging of messages and traces. This issue has been addressed. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Analytical Decision Management| 18.0 \n \n\n\n## Remediation/Fixes\n\nNone\n\n## Workarounds and Mitigations\n\nProduct | VRMF| Workarounds \n---|---|--- \nIBM Analytical Decision Management| 18.0.0.0| [18.0.0.0](<https://www.ibm.com/support/pages/node/6540548> \"18.0.0.0\" ) \n \n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-11T02:43:59", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Log4j affects IBM Analytical Decision Management (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-03-11T02:43:59", "id": "34C62F8C9BA8A3F48C2C371F5DC178D685A81D56716C94C7C68D95273F0299F6", "href": "https://www.ibm.com/support/pages/node/6562871", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:55:26", "description": "## Summary\n\nVulnerability in Apache Log4j (CVE-2021-4104) may affect IBM Security Access Manager for Enterprise Single Sign-On. Although no known vulnerability impact has been proven, it is strongly recommended to apply the fix that upgrades log4j from version 1.x to version 2.1.17.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Security Access Manager for Enterprise Single-Sign On| 8.2.0, 8.2.1, 8.2.2 \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends customers update their systems promptly. \n\n(1) Security vulnerabilities related to log4j are addressed and fixed in IBM Security Access Manager for Enterprise Single-Sign On version 8.2.2 only. Customers running a version prior to version 8.2.2 should first upgrade to IBM Security Access Manager for Enterprise Single-Sign On version 8.2.2, and then apply Fix Pack 13.\n\n(2) Apply Fix Pack 13 on IBM Security Access Manager for Enterprise Single-Sign On version 8.2.2 as per the details available [here](<https://www.ibm.com/support/pages/node/6566059> \"here\" ).\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-31T03:04:02", "type": "ibm", "title": "Security Bulletin: IBM Security Access Manager for Enterprise Single Sign-On may be vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-03-31T03:04:02", "id": "1999DB7DA98AE073A34DD83F5547894F0F8C1DC9FB860A963E2002A469B5FC74", "href": "https://www.ibm.com/support/pages/node/6568203", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:56:50", "description": "## Summary\n\nApache Log4j is used by IBM Sterling Connect:Direct Web Services as part of its logging infrastructure. JMSAppender in Apache Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The fix includes Apache Log4j 2.17.1\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Sterling Connect:Direct Web Services| 1.0 \nIBM Sterling Connect:Direct Web Services| 6.0 \n \n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by upgrading.\n\n**Product(s)**| **Version(s)**| **Remediation/Fix \n** \n---|---|--- \nIBM Sterling Connect:Direct Web Services| 1.0, 6.0| Apply 6.0.0.6, available on [Fix Central](<https://www.ibm.com/support/fixcentral/options?selectionBean.selectedTab=find&selection=ibm%2fOther+software%3bibm%2fOther+software%2fIBM+Connect%3aDirect+Web+Services> \"\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-18T05:36:17", "type": "ibm", "title": "Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to untrusted data deserialization due to Apache Log4j (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-02-18T05:36:17", "id": "67888E8EA83126B823C64DF445FE590186D22B46F294306313C37B870873F831", "href": "https://www.ibm.com/support/pages/node/6557198", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:59:34", "description": "## Summary\n\nLog4j is used by IBM Watson Explorer to log system events for diagnostics. This bulletin provides a remediation for the vulnerability, CVE-2021-4104 by upgrading Watson Explorer and thus addressing the exposure to the log4j vulnerability.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Watson Explorer Deep Analytics Edition Foundational Components| \n\n12.0.0.0,\n\n12.0.1,\n\n12.0.2.0 - 12.0.2.2,\n\n12.0.3.0 - 12.0.3.7 \n \nIBM Watson Explorer Deep Analytics Edition Analytical Components| \n\n12.0.0.0,\n\n12.0.1,\n\n12.0.2.0 - 12.0.2.2,\n\n12.0.3.0 - 12.0.3.7 \n \nIBM Watson Explorer Deep Analytics Edition oneWEX| \n\n12.0.0.0, 12.0.0.1\n\n12.0.1,\n\n12.0.2.0 - 12.0.2.2,\n\n12.0.3.0 - 12.0.3.7 \n \nIBM Watson Explorer \nFoundational Components| 11.0.0.0 - 11.0.0.3, \n11.0.1, \n11.0.2.0 - \n11.0.2.11 \nIBM Watson Explorer Analytical Components| 11.0.0.0 - 11.0.0.3, \n11.0.1, \n11.0.2.0 - \n11.0.2.11 \nIBM Watson Explorer Content Analytics Studio| 12.0.0, 12.0.1, 12.0.2, 12.0.3 \nIBM Watson Explorer Content Analytics Studio| 11.0.0.0 - 11.0.0.3, \n11.0.1, 11.0.2.0 - 11.0.2.2 \n \n\n\n## Remediation/Fixes\n\n**Affected Product**| **Affected Versions**| **How to acquire and apply the fix** \n---|---|--- \nIBM Watson Explorer DAE \nFoundational Components| \n\n12.0.0.0,\n\n12.0.1,\n\n12.0.2.0 - 12.0.2.2, 12.0.3.0 - 12.0.3.7\n\n| Upgrade to Version 12.0.3.8. \n\nSee [Watson Explorer Version 12.0.3.8 Foundational Components](<https://www.ibm.com/support/pages/node/6525738>) for download information and instructions. \n \nIBM Watson Explorer Deep Analytics Edition Analytical Components| 12.0.0.0, 12.0.1, 12.0.2.0 - 12.0.2.2, 12.0.3.0 - 12.0.3.7| \n\nUpgrade to Version 12.0.3.8. \n \nSee [Watson Explorer Version 12.0.3.8 Analytical Components](<https://www.ibm.com/support/pages/node/6525740>) for download information and instructions. \n \nIBM Watson Explorer Deep Analytics Edition oneWEX| 12.0.0.0, 12.0.0.1, 12.0.1, 12.0.2.0 - 12.0.2.2, 12.0.3.0 - 12.0.3.7| \n\nUpgrade to Version 12.0.3.8. \n \nSee [Watson Explorer Version 12.0.3.8 oneWEX](<https://www.ibm.com/support/pages/node/6525736>) for download information and instructions. \n \nIBM Watson Explorer \nFoundational Components| 11.0.0.0 - 11.0.0.3, \n11.0.1, \n11.0.2.0 - \n11.0.2.11| \n\nUpgrade to Version 11.0.2.12. \n\nSee [Watson Explorer Version 11.0.2.12 Foundational Components](<https://www.ibm.com/support/pages/node/6525750>) for download information and instructions. \n \nIBM Watson Explorer Analytical Components| 11.0.0.0 - 11.0.0.3, \n11.0.1, \n11.0.2.0 - \n11.0.2.11| \n\nUpgrade to Version 11.0.2.12. \n \nSee [Watson Explorer Version 11.0.2.12 Analytical Components](<https://www.ibm.com/support/pages/node/6525752>) for download information and instructions. \n \nIBM Watson Explorer Content Analytics Studio| 12.0.0, 12.0.1, 12.0.2, 12.0.3| \n\n 1. If you have not already installed, install Version 12.0.3. For information about Version 12.0.3, and links to the software and release notes, see the [download document](<https://www.ibm.com/support/docview.wss?uid=ibm10880811>).\n 2. Download the interim fix from [Fix Central](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Watson%2BGroup&product=ibm/Information+Management/InfoSphere+Data+Explorer&release=12.0.3.0&platform=All&function=all>): **12.0.3.0-WS-WatsonExplorer-DAEAnalytical-CAStudio-IF001.**\n 3. To apply the fix, follow the steps below. \n\n 1. Delete `%CA_STUDIO_INSTALL_DIR%\\plugins\\com.hp.hpl.jena_2.11.0` folder\n 2. Extract the interim fix zip file to the `%CA_STUDIO_INSTALL_DIR%\\plugins` folder\n 3. Run command `%CA_STUDIO_INSTALL_DIR%\\studio.exe -clean` in Command Prompt \nIBM Watson Explorer Content Analytics Studio| 11.0.0.0 - 11.0.0.3, \n11.0.1, 11.0.2.0 - 11.0.2.2| \n\n 1. If you have not already installed, install Version 11.0.2.2. \n\n * For information about Version 11.0.2, and links to the software and release notes, see the [download document](<https://www.ibm.com/support/pages/node/724425>).\n * For information about upgrading, see the [upgrade procedures](<http://www.ibm.com/support/docview.wss?uid=swg27049072>).For information about Version 11.0.2.2, see the [download document](<http://www.ibm.com/support/docview.wss?uid=swg24044331>).\n 2. Download the interim fix from [Fix Central](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Watson%2BGroup&product=ibm/Information+Management/InfoSphere+Data+Explorer&release=11.0.2.2&platform=All&function=all>): **11.0.2.2-WS-WatsonExplorer-AEAnalytical-CAStudio-IF001**.\n 3. To apply the fix, follow the steps below. \n\n 1. Delete `%CA_STUDIO_INSTALL_DIR%\\plugins\\com.hp.hpl.jena_2.11.0` folder\n 2. Extract the interim fix zip file to the `%CA_STUDIO_INSTALL_DIR%\\plugins` folder\n 3. Run command `%CA_STUDIO_INSTALL_DIR%\\studio.exe -clean` in Command Prompt \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-17T16:35:05", "type": "ibm", "title": "Security Bulletin: Vulnerability exists in Watson Explorer (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2021-12-17T16:35:05", "id": "B1A68CACAA6679250CA76269F03D20A3A14E734FC434CC8F824869D436C7691E", "href": "https://www.ibm.com/support/pages/node/6527728", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:56:02", "description": "## Summary\n\nThere is a vulnerability in the Apache Log4j open source library which is used by SPSS Collaboration and Deployment Services for logging of messages and traces. This issue has been addressed. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nSPSS Collaboration and Deployment Services| 8.2.2 \nSPSS Collaboration and Deployment Services| 8.2.1 \nSPSS Collaboration and Deployment Services| 8.2 \nSPSS Collaboration and Deployment Services| 8.1.1 \nSPSS Collaboration and Deployment Services| 8.1 \nSPSS Collaboration and Deployment Services| 8.0 \nSPSS Collaboration and Deployment Services| 7.0.0.1 \n \n\n\n## Remediation/Fixes\n\nThe fix includes Apache Log4j 2.17.1. \n\nProduct\n\n| VRMF| Remediation/First Fix \n---|---|--- \nSPSS Collaboration and Deployment Services| 8.2.2.0| [8.2.2.0](<https://www.ibm.com/support/pages/node/6538374> \"8.2.2.0\" ) \nSPSS Collaboration and Deployment Services| 8.2.1.0| [8.2.1.0](<https://www.ibm.com/support/pages/node/6549774> \"8.2.1.0\" ) \nSPSS Collaboration and Deployment Services| 8.2.0.0| [8.2.0.0](<https://www.ibm.com/support/pages/node/6551324> \"8.2.0.0\" ) \nSPSS Collaboration and Deployment Services| 8.1.1.0| [8.1.1.0](<https://www.ibm.com/support/pages/node/6558090> \"8.1.1.0\" ) \nSPSS Collaboration and Deployment Services| 8.1.0.0| [8.1.0.0](<https://www.ibm.com/support/pages/node/6559616> \"8.1.0.0\" ) \n \n## Workarounds and Mitigations\n\nProduct | VRMF| Workarounds \n---|---|--- \nSPSS Collaboration and Deployment Services| 8.1.1.0| [8.1.1.0 deployed on WebLogic](<https://www.ibm.com/support/pages/node/6556402> \"8.1.1.0 deployed on WebLogic\" ) \nSPSS Collaboration and Deployment Services| 8.1.0.0| [8.1.0.0 deployed on Weblogic](<https://www.ibm.com/support/pages/node/6556402> \"8.1.0.0 deployed on Weblogic\" ) \nSPSS Collaboration and Deployment Services| 8.0.0.0| [8.0.0.0](<https://www.ibm.com/support/pages/node/6540548> \"8.0.0.0\" ) \nSPSS Collaboration and Deployment Services| 7.0.0.1| [7.0.0.1](<https://www.ibm.com/support/pages/node/6540548> \"7.0.0.1\" ) \n \n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-11T02:29:04", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Log4j affects SPSS Collaboration and Deployment Services (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-03-11T02:29:04", "id": "BCA4DDDC22FE85DAB9D2E5ADDAEAD6563E17D19717B4C182BB170A0C9FFE053A", "href": "https://www.ibm.com/support/pages/node/6562867", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:57:36", "description": "## Summary\n\nA vulnerability in Apache Log4j v1 could result in remote code execution. IBM Spectrum Archive Enterprise Edition includes the IBM Spectrum Protect Backup-Archive Client which installs the vulnerable Log4j v1 files. The below fix package includes Apache Log4j 2.17.1.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nEnterprise Edition| 1.3.0.0 - 1.3.0.7 \n \n## Remediation/Fixes\n\n**IBM strongly recommends addressing this vulnerability now by upgrading.**\n\n**Note: The fix includes Log4j v2.17.1**\n\nAffected Versions| Fixing Level| Platform \n---|---|--- \n1.3.0.0 - 1.3.0.7| 1.3.2.4 - [Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Tape%20drivers%20and%20software&product=ibm/Storage_Tape/LTFS+Enterprise+Edition+%28EE%29&release=All&platform=All&function=all> \"\" )| Linux \n \nBased on current analysis and information, IBM Spectrum Archive Library Edition (LE) and Single Drive Edition (SDE) are not affected. \n\n## Workarounds and Mitigations\n\n**For Log4j in Elasticsearch and Logstash, which were previously redistributed by IBM Spectrum Archive Enterprise Edition, between version 1.3.0.0 to 1.3.2.1, IBM strongly recommends addressing the vulnerability now by executing the Workarounds and Mitigations in <https://www.ibm.com/support/pages/node/6527808>**\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-26T04:59:26", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Log4j may affect IBM Spectrum Archive Enterprise Edition (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-01-26T04:59:26", "id": "799E22A0B313A80AA913F26586384A61E5E0908C4DC4366D683B19D6B359930D", "href": "https://www.ibm.com/support/pages/node/6551074", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:57:38", "description": "## Summary\n\nApache Log4j open source library is used by IBM Data Studio Client. This bulletin describes the upgrades necessary to address the vulnerability. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Data Studio client| All \n \n## Remediation/Fixes\n\n**Product**\n\n| \n\n**VRM**\n\n| \n\n**Remediation** \n \n---|---|--- \n \nIBM Data Studio Client\n\n| \n\n4.1.x\n\n| \n\nUpgrade to: IBM Data Studio Client [4.1.4 APAR1](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FIBM+Data+Studio&fixids=DS414_APAR1Patch&source=SAR> \"4.1.4 APAR1\" ) \n \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-24T14:35:12", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Log4j affects IBM Data Studio Client (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-01-24T14:35:12", "id": "AEF7A95EE3DB6896F5C04951844A71B4C94EDDD29868D0C8038CC869982B4892", "href": "https://www.ibm.com/support/pages/node/6550448", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:50:09", "description": "## Summary\n\nApache Log4j is used by IBM Content Manager Enterprise Edition, as part of is logging infrastructure. This fix includes Apache Log4j V2.17.1.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n**DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nContent Manager Enterprise Edition | 8.6 \n \n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by upgrading. \n\nGo to Passport Advantage. Download Content Manager Enterprise Edition 8.7:\n\n<https://www.ibm.com/software/howtobuy/passportadvantage/paocustomer>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-16T19:43:35", "type": "ibm", "title": "Security Bulletin: IBM Content Manager Enterprise Edition is is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-08-16T19:43:35", "id": "B4E820AD02AFA9A6FFF21A8A1E58FC3B4CCBE776135D3A61B5EEFABE2D5E6B0F", "href": "https://www.ibm.com/support/pages/node/6602251", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:43:40", "description": "## Summary\n\nApache log4j version 1 is vulnerable to CVE-2021-4104 (Publicly disclosed vulnerability) used by IBM Tivoli Application Dependency Discovery Manager\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Tivoli Application Dependency Discovery Manager| 7.3.0.0 - 7.3.0.9 \n \n\n\n## Remediation/Fixes\n\nTADDM FixPack 7.3.0.10 has been released with Apache log4j v2.17.2. Please upgrade to 7.3.0.10 to resolve all known log4j vulnerabilities at the date of release.\n\nPlease refer to the table below to download TADDM FixPack 7.3.0.10.\n\n**Fix**| **How to acquire fix** \n---|--- \n7.3-TIV-ITADDM-FP00010| [Download FixPack](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FTivoli+Application+Dependency+Discovery+Manager&fixids=7.3-TIV-ITADDM-FP00010&source=SAR> \"Download FixPack\" ) \n \nPlease refer to the URL for TADDM FixPack 7.3.0.10 Release Notes containing more information about the update.\n\n<https://www.ibm.com/docs/en/taddm/7.3.0?topic=release-notes#relnotes__fp10>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-06T11:22:32", "type": "ibm", "title": "Security Bulletin: TADDM log4j vulnerable to CVE-2021-4104 (Publicly disclosed vulnerability)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-12-06T11:22:32", "id": "C95EF271B0237B71243BDA3549504EB22E0DD9DED53FF9746E19657C0AFA1DB6", "href": "https://www.ibm.com/support/pages/node/6845492", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:56:03", "description": "## Summary\n\nIBM Security Directory Integrator (SDI) has upgraded to log4j 2.17.1. Although SDI was technically not vulnerable to the issue described below because it did not use JMSAppender, as a matter of good software hygiene the product has upgraded to the current version of log4j. SDI uses log4j as part of its logging infrastructure.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Security Directory Integrator | 7.2.0 \n \n\n\n## Remediation/Fixes\n\nIBM Security Directory Integrator 7.2 Fix Pack 8 upgrades to log4j 2.17.1. This fix pack can be downloaded from the link below. IBM strongly recommends upgrading. \n\n[http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FSecurity+Directory+Integrator&fixids=7.2.0-ISS-SDI-FP0008&source=SAR](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FSecurity+Directory+Integrator&fixids=7.2.0-ISS-SDI-FP0008&source=SAR>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-07T06:12:43", "type": "ibm", "title": "Security Bulletin: IBM Security Directory Integrator has upgraded log4j", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-03-07T06:12:43", "id": "7D4A2B8204853C2F9D7609FF18BDA1CA6FACC39361487DB8DDF6D40FB6E92420", "href": "https://www.ibm.com/support/pages/node/6561601", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:37:32", "description": "## Summary\n\nMultiple sub-components of IBM i ship log4j version v1.x files making them vulnerable to the issue described in the vulnerability details section. IBM Navigator for i - heritage version uses log4j v1.x and cannot be updated to log4j v2.x. Integrated Web Server (IWS) V2.6 contains unused references to log4j v1.x packages. IBM i 7.2 - Integrated Application Server (IAS) V7.1 & V8.1 and Integrated Web Server (IWS) V1.3 & V1.5 use log4j v1.x and cannot be updated to log4j v2.x. IBM i Access Client Solutions (ACS) version 1.1.8.6 and earlier included an unused log4j v1.x jar file. IBM i has addressed the applicable CVE as described in the Remediation/Fixes section. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Navigator for i (heritage version only)| IBM i 7.4, 7.3, and 7.2 (heritage version) \nIntegrated Web Server (IWS)| \n\nIBM i 7.4, 7.3, and 7.2 - V2.6\n\nIBM i 7.2 - V1.3 and V1.5 \n \nIntegrated Application Server (IAS)| IBM i 7.2 - V7.1 and V8.1 \nIBM i Access Client Solutions| 1.1.8.6 and earlier \n \n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by applying the fixes.\n\n**IBM i Access Client Solutions version 1.1.8.6 and earlier **included an unused log4j v1.x jar file. The issue can be fixed by upgrading to ACS version 1.1.8.7 or later. Details for how to get the latest version of IBM i Access Client Solutions are available at** <https://www.ibm.com/support/pages/ibm-i-access-client-solutions> **\n\n**Integrated Web Server (IWS) V2.6** included unused references to log4j v1.x packages. The issue can be fixed by applying PTFs to IBM i. Releases 7.4 and 7.3 of IBM i will be fixed.\n\n**IBM i 7.2 only - Integrated Application Server (IAS) V7.1 & V8.1 and Integrated Web Services Server (IWS) V1.3 & V1.5** use log4j v1.x and cannot be updated. Customers can fix the log4j issues by migrating to the liberty-based support already available for ten years (V2.6). These server runtimes have been removed from the 7.2 release. With this fix, the server runtimes are removed and these servers will no longer run. If still using this level of IWS, migrate the web service to the V2.6 level before applying these PTFs. Details for migrating can be found at: <https://www.ibm.com/support/pages/how-migrate-your-ibm-integrated-web-services-iws-server-v13v15-v26>. The issue can be fixed by applying PTFs to IBM i. Release 7.2 of IBM i will be fixed.\n\nThe IBM i PTF numbers containing the fixes follow. Future Group PTFs for HTTP Server will also contain the fixes for this CVE. \n\nIBM i Release| 5770-DG1 \nIBM HTTP Server for i Group PTF - Level| PTF Download Link \n---|---|--- \n7.4| SF99662 - 19| [SF99662 740 IBM HTTP Server for i](<https://www.ibm.com/support/pages/uid/nas4SF99662>) \n7.3| SF99722 - 38| [SF99722 730 IBM HTTP Server for i](<https://www.ibm.com/support/pages/uid/nas4SF99722>) \n7.2| SF99713 - 49| [SF99713 720 IBM HTTP Server for i](<https://www.ibm.com/support/pages/uid/nas4SF99713>) \n \n**<https://www.ibm.com/support/fixcentral>**\n\n**IBM Navigator for i - heritage version **uses log4j v1.x and cannot be updated to log4j v2.x or be removed from use. The issue can be resolved by permanently removing the heritage version of IBM Navigator for i from the partition. \n\n\nThe IBM i PTF numbers for removing the heritage version follow. Future Group PTFs for HTTP Server will NOT contain the fixes that remove the jar files for this CVE.\n\nIBM i Release| 5770-DG1 HTTP Server for i PTFs| PTF Download Links \n---|---|--- \n7.4| \n\nSI82995, SI82996\n\n| <https://www.ibm.com/support/pages/ptf/SI82995> <https://www.ibm.com/support/pages/ptf/SI82996> \n7.3| SI82997, SI82998| <https://www.ibm.com/support/pages/ptf/SI82997> <https://www.ibm.com/support/pages/ptf/SI82998> \n7.2| SI83098, SI83099| <https://www.ibm.com/support/pages/ptf/SI83098> <https://www.ibm.com/support/pages/ptf/SI83099> \n \n**<https://www.ibm.com/support/fixcentral>**\n\n## Workarounds and Mitigations\n\n**IBM Navigator for i - heritage version** uses log4j v1.x and cannot be updated to log4j v2.x or be removed from use. \n\nThe issue can be mitigated by discontinuing the use of the heritage version of IBM Navigator for i. The mitigation will remove the heritage version from the configuration of Admin2 and Admin2 will now start by default. Prior mitigation disabled the ADMIN2 server (where the heritage Navigator runs) from starting and running without user interaction. Additionally, the userdata runtime cache files (where the reference to log4j can be found) were deleted by this fix. The issue can be mitigated by applying PTFs to IBM i. Releases 7.4, 7.3, and 7.2 of IBM i will be mitigated. \n\nIt is strongly recommended that heritage Navigator be permanently removed by following the instructions in the remediation/fixes section, however if there are key features required, heritage Navigator can be enabled and started temporarily at your own risk. To do so, refer to these instructions: <https://www.ibm.com/support/pages/heritage-navigator-enable-and-disable-instructions>\n\nNote: If heritage Navigator is started, the userdata cache files are re-created and will have to be manually removed. Details are in the above link. \n\nThe IBM i PTF numbers containing the mitigation follow. Future Group PTFs for HTTP Server will also contain the mitigation for this CVE. \n\nIBM i Release| 5770-DG1 \nIBM HTTP Server for i Group PTF - Level| PTF Download Link \n---|---|--- \n7.4| SF99662 - 26| [SF99662 740 IBM HTTP Server for i](<https://www.ibm.com/support/pages/uid/nas4SF99662>) \n7.3| SF99722 - 43| [SF99722 730 IBM HTTP Server for i](<https://www.ibm.com/support/pages/uid/nas4SF99722>) \n7.2| SF99713 - 52| [SF99713 720 IBM HTTP Server for i](<https://www.ibm.com/support/pages/uid/nas4SF99713>) \n \n**<https://www.ibm.com/support/fixcentral>**\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-04-07T18:39:58", "type": "ibm", "title": "Security Bulletin: IBM i components are affected by CVE-2021-4104 (log4j version 1.x)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2023-04-07T18:39:58", "id": "C3CC9C6067F468B5E8ED9105BE61107CCE29495A0D130C16712741E71E88E9E5", "href": "https://www.ibm.com/support/pages/node/6539162", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:58:50", "description": "## Summary\n\nA vulnerability was identified within the Apache Log4j library that is used by IBM Storage Support for Microsoft Volume Shadow Copy Service (VSS) and Virtual Disk Service (VDS) for IBM Spectrum Virtualize family and IBM DS8000 family storage systems. This vulnerability has been addressed.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n**DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: <https://exchange.xforce.ibmcloud.com/vulnerabilities/215048> for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)** | **Version(s)** \n---|--- \nIBM Storage Support for Microsoft Volume Shadow Copy Service and Virtual Disk Service | lower than 4.18.0 \n \n## Remediation/Fixes\n\nUpgrade to IBM Storage Support for Microsoft Volume Shadow Copy Service and Virtual Disk Service 4.18.0.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-24T15:01:59", "type": "ibm", "title": "Security Bulletin: IBM Storage Support for Microsoft Volume Shadow Copy Service (VSS) and Virtual Disk Service (VDS) is affected by a vulnerability in Apache Log4j (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2021-12-24T15:01:59", "id": "83AD6F5CAFB9C45D9169EC79DAD316AF1A872ADE2380EB094BA1BF97BED4BFDE", "href": "https://www.ibm.com/support/pages/node/6536886", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:49:28", "description": "## Summary\n\nApache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. The IBM Engineering Lifecycle Engineering products version 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 are vulnerable to this attack, it has been addressed in this bulletin.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nVersions\n\n| \n\nAffected Products \n \n---|--- \n \n6.0.6,\n\n6.0.6.1,\n\n7.0,\n\n7.0.1,\n\n7.0.2\n\n| \n\nIBM Jazz Reporting Service \n \nIBM Global Configuration Management \n \nIBM Engineering Workflow Management (EWM) \n \nJazz Foundation \n \nIBM Engineering Lifecycle Optimization - Engineering Insights \n \nIBM Engineering Lifecycle Optimization - Method Composer \n \nBM Engineering Lifecycle Optimization - Publishing \n \nIBM Engineering Requirements Management DOORS Next \n \nIBM Engineering Test Management \n \nIBM Engineering Requirements Management \n \nIBM Engineering Lifecycle Optimization - Integration Adapters Tasktop Edition \n \n** **\n\n \n\n\n## Remediation/Fixes\n\nFor The IBM\u00ae Engineering Lifecycle Engineering products versions 7.0.2, IBM strongly recommends addressing the vulnerability by applying a currently available ELM 7.0.2 SR1 iFix 15\n\nFor The IBM\u00ae Engineering Lifecycle Engineering products versions 7.0.1, IBM strongly recommends addressing the vulnerability by applying a currently available ELM 7.0.1 SR1 iFix 18\n\n### The IBM\u00ae Engineering Lifecycle Engineering products of versions 6.0, 6.0.1 and 7.0 are end of support. Hence users on those versions should follow the instructions given in the following document:\n\n### [Remediation for log4j version 1 vulnerabilities in IBM Engineering Lifecycle Management](<https://www.ibm.com/support/pages/node/6607980> \"Remediation for log4j version 1 vulnerabilities in IBM Engineering Lifecycle Management\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-30T11:41:41", "type": "ibm", "title": "Security Bulletin: The IBM\u00ae Engineering Lifecycle Engineering products on IBM Jazz Technology contains additional security fixes for Log4j vulnerabilities CVE-2021-4104", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-08-30T11:41:41", "id": "8D1076175653373CF0972E3AB3E49C700B9C36E8D89205B4EAF9845AB1E9DC6F", "href": "https://www.ibm.com/support/pages/node/6616245", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:58:22", "description": "## Summary\n\nA vulnerability in Apache Log4j could allow an attacker to execute arbitrary code on the system. This vulnerability may affect IBM Spectrum Control due to its use of Log4j for logging, tracing, alerting, and the local help documentation.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Spectrum Control| 5.4.0 - 5.4.5 \n \n## Remediation/Fixes\n\n**Release**| **First Fixing** \n**VRM Level**| ** Link to Fix** \n---|---|--- \n5.4.5| 5.4.5.1| **<https://www.ibm.com/support/pages/latest-downloads-ibm-spectrum-control>** \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-07T19:48:02", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Log4j affects IBM Spectrum Control (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-01-07T19:48:02", "id": "D0C2BBF5E828BE52CE92F28682B6950B3B526488699E5EB08A2EE2EB5B1D4C35", "href": "https://www.ibm.com/support/pages/node/6537016", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:57:23", "description": "## Summary\n\nVulnerabilities in Apache Log4j affect the logging infrastructure in the ATNAAudit node and the XDSConsumer pattern in IBM App Connect for Healthcare. IBM App Connect for Healthcare have addressed these vulnerabilities, the fix includes Apache Log4j 2.17.1\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM App Connect for Healthcare 5.0.0.0 \nIBM App Connect for Healthcare 5.0.0.1 \nIBM App Connect for Healthcare 6.0.1.0\n\n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by applying the patches listed in this table. \n\nProduct| VRMF| APAR| Remediation/Fixes \n---|---|---|--- \nIBM App Connect for Healthcare| 5.0.0.1| IT39653| \n\nInterim fix for APAR (IT39653 ) is available from\n\n[5.0.0.1 IBM Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+App+Connect+for+Healthcare&release=5.0.0.1&platform=All&function=aparId&apars=IT39653> \"5.0.0.1 IBM Fix Central\" ) \n \nIBM App Connect for Healthcare| 6.0.1.0| IT39653| \n\nInterim fix for APAR (IT39653 ) is available from\n\n[6.0.1.0 IBM Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+App+Connect+for+Healthcare&release=6.0.1.0&platform=All&function=aparId&apars=IT39653> \"6.0.1.0 IBM Fix Central\" ) \n \n## Workarounds and Mitigations\n\nAs detailed above in the **Remediation / Fixes Section.**\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-31T09:38:06", "type": "ibm", "title": "Security Bulletin: IBM App Connect for Healthcare is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-01-31T09:38:06", "id": "E5029DD7DA3FDCEAB13FDB9D0B634A06F7F47565C556ABBCC97B9CB137EEA1A2", "href": "https://www.ibm.com/support/pages/node/6552272", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:55:55", "description": "## Summary\n\nApache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. CSM version 6.3.2 ships the latest library available 2.17.1.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Copy Services Manager| All \n \n\n\n## Remediation/Fixes\n\nVersion 6.3.2 includes the Log4j 2.17.1 library\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-14T19:30:01", "type": "ibm", "title": "Security Bulletin: Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-03-14T19:30:01", "id": "A37E5717689B00C6C5250CBA163458C6583896012F223709BE3E09BF9944B0DE", "href": "https://www.ibm.com/support/pages/node/6563291", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:55:39", "description": "## Summary\n\nIBM Transformation Extender Advanced, previously known as IBM Standards Processing Engine, uses Apache Log4j as part of its logging infrastructure. An arbitrary remote code execution vulnerability has been addressed. The fix incudes Apache Log4j 2.17.1.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Transformation Extender Advanced| 9.0 \nIBM Transformation Extender Advanced| 10.0 \n \n\n\n## Remediation/Fixes\n\n**Product**| **Version**| **Remediation/Fix** \n---|---|--- \nIBM Transformation Extender Advanced| 9.0| [9.0.2.6](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Standards+Processing+Engine&release=9.0.2.6&platform=All&function=all> \"9.0.2.6\" ) \nIBM Transformation Extender Advanced| 10.0| [10.0.1.7](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Standards+Processing+Engine&release=10.0.1.7&platform=All&function=all> \"10.0.1.7\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-22T06:59:18", "type": "ibm", "title": "Security Bulletin: IBM Transformation Extender Advanced is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-03-22T06:59:18", "id": "D86D8C366E2D62A174FC13CC280E324FC50FDC33BE3CAC167AB7E803409C8C2E", "href": "https://www.ibm.com/support/pages/node/6565309", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:56:44", "description": "## Summary\n\nIBM C\u00faram Social Program Management uses the Apache Log4j libraries for SPM logging infrastructure. There are publicly known vulnerabilities for Apache Log4j which could allow a remote attacker to execute arbitrary code on the system.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nCuram SPM| 7.0.11 \n \n## Remediation/Fixes\n\n_Product_| _VRMF_| _Remediation_ \n---|---|--- \nC\u00faram SPM| \n\n7.0.11\n\n| \n\nVisit IBM Fix Central and upgrade to [7.0.11_iFix7](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Smarter%20Cities&product=ibm/Other+software/Curam+Social+Program+Management&release=7.0.11.0_RP&platform=All&function=all> \"7.0.11_iFix7\" ) \n \n## Workarounds and Mitigations\n\nFor information about all other versions, contact IBM C\u00faram Social Program Management customer support.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-22T17:00:38", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Log4j may affect C\u00faram Social Program Management (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-02-22T17:00:38", "id": "5D7B9C32ADDEC5820C2B88A1E661434F8E24A1888CE3125477B6824FF3D8DA5B", "href": "https://www.ibm.com/support/pages/node/6554174", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:56:59", "description": "## Summary\n\nApache Log4j is used by IBM Cloud Pak for Data System 1.0. This bulletin provides a remediation for the Apache Log4j vulnerability (CVE-2021-4104).\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nCPDS| 1.0.0.0- 1.0.7.7 \n \n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now by applying below security patch.**\n\nProduct| VRMF| Remediation / First Fix \n---|---|--- \nIBM Cloud Pak for Data System 1.0| 7.9.21.12.SP8| [Link to fix central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FWebSphere%2FIBM+Cloud+Private+for+Data+System&fixids=7.9.21.12.SP8-WS-ICPDS-fp138&source=SAR&function=fixId&parent=ibm/WebSphere> \"Link to fix central\" ) \n \n * Please follow the steps given in [release notes](<https://www.ibm.com/docs/en/cloud-paks/cloudpak-data-system/1.0?topic=new-security-patch-release-notes> \"release notes\" ) to upgrade the system with security patches \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-15T09:51:25", "type": "ibm", "title": "Security Bulletin: IBM Cloud Pak for Data System 1.0 is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-02-15T09:51:25", "id": "DE0FD4B46D08CEF1DEAA575A9047B1B4606E41D3DD7B29408B8769EA341B71D5", "href": "https://www.ibm.com/support/pages/node/6556758", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:48:57", "description": "## Summary\n\nA vulnerability in Apache Log4j 1.2 (CVE-2021-4104) may affect IBM Maximo Asset Management and the IBM Maximo Manage application in IBM Maximo Application Suite, which utilize log4j for its logging functionality. Although no known vulnerability impact has been proven, it is strongly recommended to apply the fix that upgrades log4j from version 1.2 to version 2.17.1. IBM Maximo Asset Management version 7.6.1.2 IFX019 and IBM Maximo Manage Patch 8.3.1 ship the latest library available 2.17.1.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n**DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nThis vulnerability affects the following versions of the IBM Maximo Asset Management core product and the IBM Maximo Manage application in IBM Maximo Application Suite. Older versions of Maximo Asset Management may be impacted. The recommended action is to update to the latest version.\n\n**Product versions affected:**\n\nAffected Product(s) | Version(s) \n---|--- \nIBM Maximo Asset Management | 7.6.1.2 \nMaximo Manage Application in IBM Maximo Application Suite | MAS 8.7-Manage 8.3 \n \n* To determine the core product version, log in and view System Information. The core product version is the \"Tivoli's process automation engine\" version. Please consult the [Platform Matrix](<https://www.ibm.com/support/pages/node/1288432> \"Platform Matrix\" ) for a list of supported product combinations.\n\n## Remediation/Fixes\n\nThe recommended solution is to download the appropriate Interim Fix or Fix Pack from Fix Central and apply it for each affected product as soon as possible. Please see below for information on the fixes available for each product, version, and release. Follow the installation instructions in the \u2018readme\u2019 documentation provided with each fix pack or interim fix.\n\n**For Maximo Asset Management 7.6:**\n\nVRM | Fix Pack, Feature Pack, or Interim Fix | Download \n---|---|--- \n7.6.1.2 | Maximo Asset Management 7.6.1.2 iFix: \n[7.6.1.2-TIV-MBS-IFIX019](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/IBM+Maximo+Asset+Management&release=7.6.1.2&platform=All&function=fixId&fixids=7.6.1.2-TIV-MBS-IF019&includeRequisites=1&includeSupersedes=0&downloadMethod=ddp> \"7.6.1.2-TIV-MBS-IFIX019\" ) or latest Interim Fix available | [FixCentral](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/IBM+Maximo+Asset+Management&release=7.6.1.2&platform=All&function=all> \"FixCentral\" ) \n \n**For IBM Maximo Manage application in IBM Maximo Application Suite:**\n\nFirst upgrade to [Maximo Application Suite version 8.7.2](<https://www.ibm.com/support/fixcentral/options?selectionBean.selectedTab=find&selection=ibm%2fTivoli%3bibm%2fTivoli%2fIBM+Maximo+Application+Suite> \"Maximo Application Suite version 8.7.2\" ) and then from the Catalog select Update Available for Manage 8.3.1\n\n## Workarounds and Mitigations\n\nAdditional manual steps are required to remove all instances of Apache Log4j 1.2 for Maximo Asset Management 7.6.\n\n 1. Delete the following files from the Maximo install directory: \n 1. <maximo_home>\\reports\\cognos\\c11\\sdk\\log4j-1.2.17.jar\n 2. <maximo_home>\\reports\\cognos\\c11\\src\\lib\\log4j-1.2.17.jar\n 2. When using Cognos metadata publishing in an Oracle WebLogic environment, the Cognos BI Server Integration Installation Guide includes an instruction to copy log4j to <weblogic>\\user_projects\\domains\\base_domain\\lib. Remove this file if applicable.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-09T15:12:11", "type": "ibm", "title": "Security Bulletin: IBM Maximo Asset Management and the IBM Maximo Manage application in IBM Maximo Application Suite may be vulnerable to arbitrary code execution due to Apache Log4j 1.2 (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-09-09T15:12:11", "id": "964EE2C764F7458340F9E5F9A309885284E9AF6B8CDA79E5C6C2B4DC7B69EFA7", "href": "https://www.ibm.com/support/pages/node/6569189", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:50:25", "description": "## Summary\n\nThere is a vulnerability in Apache log4j used by Spark and Zookeeper that is affecting QRadar User Behavior Analytics(UBA). This has been addressed in both dependencies and UBA has been updated to the patched versions. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nQRadar User Behavior Analytics| All \n \n\n\n## Remediation/Fixes\n\nAddressed in version 4.1.8 of [QRadar User Behavior Analytics](<https://exchange.xforce.ibmcloud.com/hub/extension/6f5cc6de1e5e2dad38bfa755c3f2b80b> \"QRadar User Behavior Analytics\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-05T22:39:00", "type": "ibm", "title": "Security Bulletin: Apache log4j vulnerabilities in Spark and Zookeeper affect QRadar User Behavior Analytics(CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-08-05T22:39:00", "id": "7518149B47C708BC85C48E7DCC6C884A795B049BDA62763731929AE94A2D74B5", "href": "https://www.ibm.com/support/pages/node/6610729", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:46:19", "description": "## Summary\n\nApache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. The IBM\u00ae Engineering Requirements Management DOORS/DWA product versions 9.6.1.x, 9.7.0.x, 9.7.1.x and 9.7.2.x are vulnerable to this attack, it has been addressed in this bulletin.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n**DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \n**CVSS Base score**: 8.1 \n**CVSS Temporal Score**: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \n**CVSS Vector**: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nDOORS Web Access | All \nIBM\u00ae Engineering Requirements Management DOORS Family | All \n \n## Remediation/Fixes\n\n**IBM\u00ae strongly recommends addressing the vulnerabilities now by taking the actions documented in this bulletin.**\n\n * For The IBM\u00ae Engineering Requirements Management DOORS/DWA product versions 9.7.x, install the fix pack 9.7.2.6.\n * For The IBM\u00ae Engineering Requirements Management DOORS/DWA product versions 9.6.x, install the fix pack 9.6.1.13.\n\nYou can download the fix pack for [9.7.2.6](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FIBM+Engineering+Requirements+Management+DOORS&fixids=9.7.2.6-DOORS-fixpack&source=SAR> \"9.7.2.6\" ) and [9.6.1.13](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+DOORS&fixids=9.6.1.13-RATIONAL-DOORS-fixpack&source=SAR> \"9.6.1.13\" ) from Fix Central.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-30T11:14:37", "type": "ibm", "title": "Security Bulletin: The IBM\u00ae Engineering Requirements Management DOORS/DWA fixes for Log4j vulnerabilities CVE-2021-4104", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-09-30T11:14:37", "id": "8DF9A8E408DDD53ACE9BBB12309922440D3663888328A730ADDC42264249FC7B", "href": "https://www.ibm.com/support/pages/node/6825095", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:49:30", "description": "## Summary\n\nThe IBM Security Directory Integrator component of IBM Security Directory Server is affected by, but not vulnerable to arbitrary code execution due to Apache Log4j CVE-2021-4104. Apache Log4j is used as part of the logging infrastructure. IBM Security Directory Server has shipped an appliance refresh which addresses this issue. The fix updates Log4j to version 2.17.1.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nSDS VA| 8.0.1 \n \n\n\n## Remediation/Fixes\n\nIBM encourages customers to update their systems promptly. \n\nAffected Product(s)\n\n| \n\nVersion(s)\n\n| \n\nFix Availability \n \n---|---|--- \n \nIBM Security Directory Server\n\n| \n\n8.0.1.18\n\n| \n\n[refresh pack: 8.0.1.18-ISS-ISDS_20220727-1111.pkg](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Directory+Suite&release=8.0.1.10&platform=Linux+64-bit,x86_64&function=fixId&fixids=8.0.1.18-ISS-ISDS_20220727-1111.pkg&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"10.0.0.0-ISS-ISVG-IMVA-FP0004\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-25T20:50:19", "type": "ibm", "title": "Security Bulletin: IBM Security Directory Integrator as shipped with IBM Security Directory Suite is affected by Apache Log4j vulnerability (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-08-25T20:50:19", "id": "A0DA60B6875AE87AD557CCAE1AAF020757185304D5D1246DA18673A711319E91", "href": "https://www.ibm.com/support/pages/node/6615337", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:51:30", "description": "## Summary\n\nA vulnerability in Apache Log4j could allow an attacker to execute arbitrary code on the system. This vulnerability may affect IBM Elastic Storage System due to its use of Log4j for logging and this fix upgrades to Apache Log4j V2.17.1.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n**DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)** | **Version(s)** \n---|--- \nIBM Elastic Storage System | 6.0.0 - 6.0.2.4 \nIBM Elastic Storage System | 5.3.0 - 5.3.7.4 \n \n## Remediation/Fixes\n\nContact IBM Support for your affected versions of ESS 3000, ESS 3200 and ESS 5000 to obtain and apply an efix for your level of code: Products | Remediation \n---|--- \nIBM Elastic Storage System \n\nV6.0.0.0 - V6.0.2.4\n\n| For IBM Support, reference** APAR IJ38352** \n \nIBM Elastic Storage System\n\nV5.3.0 - V5.3.7.4\n\n| \n\nFor IBM Support, reference** APAR IJ38352** \n \n**Note**: Selected efixes are on Fix Central, see : [https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=5.0.5&platform=All&function=all](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=5.0.5&platform=All&function=all>)\n\nIf you cannot apply the latest level of service, contact IBM Service.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-06T16:04:48", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Log4j affects IBM Elastic Storage System (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-07-06T16:04:48", "id": "F20FBF9D136DA66B16B24CC6A66369A721A4C8C12FA296FC3E2278352AA17707", "href": "https://www.ibm.com/support/pages/node/6565395", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:56:12", "description": "## Summary\n\nApache Log4j was used by 2 of the third party components used in Datacap as part of its logging infrastructure. The fix includes Apache Log4j v.2.17.1 for one of these third party component used in Datacap. The fix removes Apache Log4j for second third party component used in Datacap.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nDatacap Taskmaster Capture| 9.1.8 \nDatacap Taskmaster Capture| 9.1.9 \n \n\n\n## Remediation/Fixes\n\n_**Product**_ | \n\n_** VRMF**_\n\n| \n\n_** Remediation/First Fix**_ \n \n---|---|--- \n \nDatacap Taskmaster Capture\n\n| \n\n9.1.8\n\n| \n\nUpgrade to **9.1.8 iFix 003**, available from [9.1.8 iFixes](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Enterprise%20Content%20Management&product=ibm/Information+Management/Datacap+Taskmaster+Capture&release=9.1.8.0&platform=All&function=all> \"9.1.8 iFixes\" ) \n \nDatacap Taskmaster Capture\n\n| \n\n9.1.9\n\n| \n\nUpgrade to **9.1.9 iFix 001**, available from [9.1.9 iFixes](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Enterprise%20Content%20Management&product=ibm/Information+Management/Datacap+Taskmaster+Capture&release=9.1.9.0&platform=All&function=all> \"9.1.9 iFixes\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-28T05:03:57", "type": "ibm", "title": "Security Bulletin: Due to use of Apache Log4j, IBM Datacap is vulnerable to arbitrary code execution (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-02-28T05:03:57", "id": "F1319E2508F5C112B37A4A6D292A000AB7AB824FB75E0C9F8948F655DFA754E6", "href": "https://www.ibm.com/support/pages/node/6559980", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:57:38", "description": "## Summary\n\nThere is a vulnerability in the Apache Log4j open source library used by IBM OpenPages with Watson. This affects the IBM OpenPages logging framework. This vulnerability has been addressed. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM OpenPages with Watson versions 8.1 through 8.2.0.3 (8.2.0.4 is not affected)\n\n## Remediation/Fixes\n\nA fix has been created for each affected version of the named product. Download and install the fix as soon as possible. Fixes and installation instructions are provided at the URLs listed below: \n \n\n\n**Product**| **Remediation** \n---|--- \n \nFor IBM OpenPages with Watson **8.1 **or** 8.1.0.1 **\n\n\\- Upgrade to 8.1.0.2 Fix Pack\n\n\\- Apply 8.1.0.2 Interim Fix 2 (**8.1.0.2.2**) or later\n\n| \n\n<https://www.ibm.com/support/pages/openpages-watson-81-fix-pack-2>\n\n<https://www.ibm.com/support/pages/openpages-watson-8102-interim-fix-2> \n \nFor IBM OpenPages with Watson** 8.1.0.2 **\n\n\\- Apply 8.1.0.2 Interim Fix 2 (**8.1.0.2.2**) or later\n\n| \n\n<https://www.ibm.com/support/pages/openpages-watson-8102-interim-fix-2> \n \nFor IBM OpenPages with Watson** 8.2**, **8.2.0.1, 8.2.0.2 **or** 8.2.0.3**\n\n\\- Upgrade to 8.2.0.4 Fix Pack\n\n\\- Apply 8.2.0.4 Interim Fix 2 (**8.2.0.4.2**) or later\n\n| \n\n<https://www.ibm.com/support/pages/openpages-watson-82-fix-pack-4>\n\n<https://www.ibm.com/support/pages/openpages-watson-8204-interim-fix-2> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-24T20:01:37", "type": "ibm", "title": "Security Bulletin: IBM OpenPages with Watson has addressed Apache Log4j vulnerability (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-01-24T20:01:37", "id": "8B5BD9969FEA68AF3C45FDA3DB03870CCDA9156F542B0046F1CE349090DB826D", "href": "https://www.ibm.com/support/pages/node/6540688", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:51:02", "description": "## Summary\n\nMultiple vulnerabilities identified within the Apache Log4j (CVE-2021-4104) library earlier 2.0 version that is used by IBM Tivoli Netcool Configuration Manager to provide logging functionality. The fix includes Apache Log4j v2.17.1\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nITNCM| 6.4.2 \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by upgrading. \n\nThis issue has been fixed in ITNCM 6.4.2 Fix Pack 16 (6.4.2.16) available from fix central.\n\n[6.4.2-TIV-ITNCM-FP016](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FTivoli+Netcool+Configuration+Manager&fixids=6.4.2-TIV-ITNCM-FP016&source=SAR> \"6.4.2-TIV-ITNCM-FP016\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-18T08:32:59", "type": "ibm", "title": "Security Bulletin: IBM Tivoli Netcool Configuration Manager is affected by vulnerability that could allow a remote attacker to execute arbitrary code on the system due to Apache Log4j earlier than 2.0 version (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-07-18T08:32:59", "id": "7CC29EC0FEC5AE2795B41685E99747E5F4622427116C32A61EDA1A96E00FB35D", "href": "https://www.ibm.com/support/pages/node/6604669", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:59:03", "description": "## Summary\n\nVulnerabilities in Apache Log4j affect IBM App Connect for Manufacturing 2.0. An attacker who can control log messages or log message parameters can execute arbitrary code leading to Remote Code Execution (RCE) attacks. IBM App Connect for Manufacturing 2.0 has addressed the vulnerability.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nApp Connect for Manufacturing| 2.0.0.5 to 2.0.0.7 \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by applying the patches listed in this table. This superceeds apar IT3937. \n\nProduct| VRMF| APAR| Remediation/Fixes \n---|---|---|--- \nIBM App Connect for Manufacturing| 2.0.0.5 to 2.0.0.7| IT39451| \n\nInterim fix for APAR (IT39451) is available from\n\n \n[2.0.0.5 IBM Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+App+Connect+for+Manufacturing&release=2.0.0.5&platform=All&function=aparId&apars=IT39451> \"2.0.0.5 IBM Fix Central\" )\n\n[2.0.0.6 IBM Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+App+Connect+for+Manufacturing&release=2.0.0.6&platform=All&function=aparId&apars=IT39451> \"2.0.0.6 IBM Fix Central\" )\n\n[2.0.0.7 IBM Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+App+Connect+for+Manufacturing&release=2.0.0.7&platform=All&function=aparId&apars=IT39451> \"2.0.0.7 IBM Fix Central\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-22T08:43:56", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Apache Log4j affect IBM App Connect for Manufacturing 2.0 (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2021-12-22T08:43:56", "id": "A13D8E66D7296C6851E5FD3A79983B0714CFCBDD4D8CE2D2BA543E342E028FB7", "href": "https://www.ibm.com/support/pages/node/6536646", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:49:35", "description": "## Summary\n\nIBM Security Verify Governance (ISVG) is vulnerable to arbitrary code execution due to Apache Log4j CVE-2021-4104. Apache Log4j is used as part of ISVG's logging infrastructure. The fix includes Apache Log4j version 2.17.1.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Security Verify Governance| 10.0 \n \n## Remediation/Fixes\n\nIBM encourages customers to promptly update their systems.\n\n**Affected Product(s)**\n\n| \n\n**Version(s)**\n\n| \n\n**First Fix** \n \n---|---|--- \n \nIBM Security Verify Governance\n\n| \n\n10.0.1\n\n| \n\n[10.0.1.0-ISS-ISVG-IGVA-FP0000 ](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Verify+Governance&release=10.0.0.0&platform=Linux&function=fixId&fixids=10.0.1.0-ISS-ISVG-IGVA-FP0000&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \n \nIBM Security Verify Governance\n\n| \n\n10.0.0\n\n| \n\n[10.0.0.0-ISS-ISVG-IGVA-FP0004 ](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Verify+Governance&release=10.0.0.0&platform=Linux&function=fixId&fixids=10.0.0.0-ISS-ISVG-IGVA-FP0004&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-22T19:08:30", "type": "ibm", "title": "Security Bulletin: IBM Security Verify Governance is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-08-22T19:08:30", "id": "27D05CF3EFA4803263C8E1208A1231E86FFB57D4B4143C21D96897480161D556", "href": "https://www.ibm.com/support/pages/node/6586510", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:57:09", "description": "## Summary\n\nIBM Urbancode Deploy server, agent, and relay releases before release 7.1.2.1 are impacted by CVE-2021-4104. The product uses Log4j 1.2 logging library which may be exploited with administrative access. \n\n## Vulnerability Details\n\n**CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n**DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nUCD - IBM UrbanCode Deploy | 6.2.7.3 \nUCD - IBM UrbanCode Deploy | 6.2.7.4 \nUCD - IBM UrbanCode Deploy | 6.2.7.5 \nUCD - IBM UrbanCode Deploy | 6.2.7.6 \nUCD - IBM UrbanCode Deploy | 6.2.7.7 \nUCD - IBM UrbanCode Deploy | 6.2.7.8 \nUCD - IBM UrbanCode Deploy | 6.2.7.9 \nUCD - IBM UrbanCode Deploy | 6.2.7.10 \nUCD - IBM UrbanCode Deploy | 6.2.7.11 \nUCD - IBM UrbanCode Deploy | 6.2.7.12 \nUCD - IBM UrbanCode Deploy | 7.0.3.0 \nUCD - IBM UrbanCode Deploy | 7.0.3.1 \nUCD - IBM UrbanCode Deploy | 7.0.3.2 \nUCD - IBM UrbanCode Deploy | 7.0.3.3 \nUCD - IBM UrbanCode Deploy | 7.0.4.0 \nUCD - IBM UrbanCode Deploy | 7.0.4.1 \nUCD - IBM UrbanCode Deploy | 7.0.4.2 \nUCD - IBM UrbanCode Deploy | 7.0.5.0 \nUCD - IBM UrbanCode Deploy | 7.0.5.1 \nUCD - IBM UrbanCode Deploy | 7.0.5.2 \nUCD - IBM UrbanCode Deploy | 7.0.5.3 \nUCD - IBM UrbanCode Deploy | 7.0.5.4 \nUCD - IBM UrbanCode Deploy | 7.0.5.5 \nUCD - IBM UrbanCode Deploy | 7.0.5.6 \nUCD - IBM UrbanCode Deploy | 7.1.0.0 \nUCD - IBM UrbanCode Deploy | 7.1.0.1 \nUCD - IBM UrbanCode Deploy | 7.1.0.2 \nUCD - IBM UrbanCode Deploy | 7.1.1.0 \nUCD - IBM UrbanCode Deploy | 7.1.1.1 \nUCD - IBM UrbanCode Deploy | 7.1.1.2 \nUCD - IBM UrbanCode Deploy | 7.1.2.0 \n \n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now.**\n\nThese releases contain the full updates for server, agents, relays, and plugins. \nFollow the standard upgrade documentation found here: <https://www.ibm.com/docs/en/urbancode-deploy/7.1.2?topic=upgrading-migrating>\n\nVersion 6.2.7.3 up to and including 6.2.7.12, upgrade to 6.2.7.13 or later.\n\nVersion 7.0.3.0 up to and including 7.0.5.7, upgrade to 7.0.5.8 or later. \nVersion 7.1.0.0 up to and including 7.1.2.0, upgrade to 7.1.2.1 or later.\n\nBased on current information and analysis, we do not believe that Releases 7.1.2.1 or greater are vulnerable to CVE-2021-4104.\n\n## Workarounds and Mitigations\n\nAs a mitigation for affected releases until the above \"Remediation/Fixes\" have been applied: \n\nA replacement file log4j.jar has been created to apply this same change to all past versions of IBM Urbancode Deploy and is available on Fix Central as [Log4jFixPack-IBM-UrbanCode-Deploy](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ERational&produ\\[\u2026\\]Log4jFixPack-IBM-UrbanCode-Deploy&includeSupersedes=0&source=fc>) \n \nIndividual updated plugins are available on the following site [https://www.urbancode.com/plugins/](<https://www.ibm.com/links?url=https%3A%2F%2Fwww.urbancode.com%2Fplugins%2F> \"\" )\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-03T15:51:31", "type": "ibm", "title": "Security Bulletin: IBM Urbancode Deploy server/agent/relay releases before 7.1.2.1 impacted by Apache Log4j vulnerabilities. (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-02-03T15:51:31", "id": "68C9A924DE162BF93100DE379E651BE25F0603409D7A4401BB7E28C5F636BDB3", "href": "https://www.ibm.com/support/pages/node/6538590", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:55:41", "description": "## Summary\n\nApache Log4j could allow a remote attacker to execute arbitrary code on the system. DB2 Recovery Expert for Linux, UNIX and Windows addressed this vulnerability.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nDB2 Recovery Expert for LUW| 5.5.0.1 \nDB2 Recovery Expert for LUW| 5.5.0.1 IF1 \nDB2 Recovery Expert for LUW| 5.5.0.1 IF2 \nDB2 Recovery Expert for LUW| 5.5.0.1 IF3 \n \n\n\n## Remediation/Fixes\n\nThe product needs to be installed or upgraded to the latest available level using the latest [5.5.0.1 IF4](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EInformation%20Management&product=ibm/Information+Management/DB2+Recovery+Expert+for+Linux+UNIX+and+Windows&release=5.5.0.1&platform=All&function=all> \"5.5.0.1 IF4\" ) version available from Fix Central.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-21T11:08:12", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Log4j affects DB2 Recovery Expert for Linux, Unix and Windows", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-03-21T11:08:12", "id": "BA4185EFC85E26A08AB57ADBAA3A45DD6AD2DB5D4C5B073C7F980FF5D77C4DE0", "href": "https://www.ibm.com/support/pages/node/6565031", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:54:01", "description": "## Summary\n\nThis fix removes the Apache Log4j.jar file from IBM Integration Designer.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected products| Versions \n---|--- \nIntegration Designer| 21.0.3 \nIntegration Designer| 21.0.2 \nIntegration Designer| 20.0.0.2 \nIntegration Designer| 19.0.0.2 \nIntegration Designer| 8.5.7 \n \n## Remediation/Fixes\n\n[IBM Integration Designer 21.0.3](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FIBM+Integration+Designer&fixids=21.0.3-WS-IID-IFJR64578&source=SAR> \"IBM Integration Designer 21.0.3\" )\n\n[IBM Integration Designer 21.0.2](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FIBM+Integration+Designer&fixids=21.0.2-WS-IID-IFJR64578&source=SAR> \"IBM Integration Designer 21.0.2\" )\n\n[](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FWebSphere%2FIBM+Integration+Designer&fixids=19.0.0.2-WS-IID-JR63001&source=SAR&function=fixId&parent=ibm/WebSphere>)[](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FWebSphere%2FIBM+Integration+Designer&fixids=20.0.0.2-WS-IID-JR63001&source=SAR&function=fixId&parent=ibm/WebSphere>)[IBM Integration Designer 20.0.0.2](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FIBM+Integration+Designer&fixids=20.0.0.2-WS-IID-IFJR64578&source=SAR> \"IBM Integration Designer 20.0.0.2\" )\n\n[IBM Integration Designer 19.0.0.2](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FIBM+Integration+Designer&fixids=19.0.0.2-WS-IID-IFJR64578&source=SAR> \"IBM Integration Designer 19.0.0.2\" )\n\n[IBM Integration Designer 8.5.7](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FIBM+Integration+Designer&fixids=8.5.7.0-WS-IID-IFhttp://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FIBM+Integration+Designer&fixids=8.5.7.0-WS-IID-IFJR64578&source=SAR&source=SAR> \"IBM Integration Designer 8.5.7\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-29T20:56:04", "type": "ibm", "title": "Security Bulletin: IBM Integration Designer is vulnerable to arbitrary code execution because of Apache Log4j (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-04-29T20:56:04", "id": "4E6A04B12CD0B1B6DEFA7C6ABF7649A38727A95A07B1BD211B03B0BDF4022C04", "href": "https://www.ibm.com/support/pages/node/6562361", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:59:40", "description": "## Summary\n\nThere is a vulnerability in the version of Log4j that was included in InfoSphere Data Replication.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nInfoSphere Data Replication| 11.4.0 \nInfoSphere Data Replication| 11.4 \n \n\n\n## Remediation/Fixes\n\nUpdate to the latest product fix pack found here: \n\n[https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%3FInformation%20Management&product=ibm/Information+Management/IBM+InfoSphere+Data+Replication&release=11.4&platform=All&function=all&source=fc](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%3FInformation%20Management&product=ibm/Information+Management/IBM+InfoSphere+Data+Replication&release=11.4&platform=All&function=all&source=fc>)\n \n \n [https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EInformation%20Management&product=ibm/Information+Management/IBM+InfoSphere+Data+Replication&release=11.3.3.3&platform=All&function=all](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EInformation%20Management&product=ibm/Information+Management/IBM+InfoSphere+Data+Replication&release=11.3.3.3&platform=All&function=all>)\n\nNote to Apacha Kafka target users; the remediation removes use of Log4j from the product. Due to the way Apache Kafka environments integrate with various clients, it is strongly recommended to perform extensive testing of the updated product to ensure that the expected logging functions are not impacted.\n\n## Workarounds and Mitigations\n\nAs a data movement product, InfoSphere Data Replication supports many different sources and targets. A full listing of this can be found in Knowledge Center here: \n \n<https://www.ibm.com/docs/en/idr/11.4.0?topic=requirements-supported-source-targets> \n \nA mitigating factor is that while Log4j is bundled with all installations of supported Linux/UNIX/Windows (LUW) sources and targets, it is only used in the case of the Apache Kafka target. \n \nThere are no end user workarounds. It is recommended to update to the latest fix pack.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-17T13:12:16", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Log4j (CVE-2021-4104) affects InfoSphere Data Replication", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2021-12-17T13:12:16", "id": "C5300EA28DA92FE5400667667270AEE539B4648C41D04FA7B270FB33DE4673B6", "href": "https://www.ibm.com/support/pages/node/6527834", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:54:41", "description": "## Summary\n\nThe Apache Log4j vulnerability (CVE-2021-4104) affects the TPF Operations Server, which runs with the z/Transaction Processing Facility (z/TPF). The TPF Operations Server uses Apache Log4j as part of its logging infrastructure. All components in the TPF Operations Server that use Apache Log4j have been updated to use Apache Log4j 2.17.1.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nTPF Operations Server| 1.2.06 \n \n\n\n## Remediation/Fixes\n\nProduct| VRMF| APAR| Remediation/First Fix \n---|---|---|--- \nTPF Operations Server| 1.2.06| IT40013| Apply the APAR, which is available for download from the [TPF Product Family: Maintenance for TPF Operations Server](<https://www.ibm.com/support/pages/node/598325> \"TPF Product Family: Maintenance for TPF Operations Server\" ) web page. \n \n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-21T15:51:54", "type": "ibm", "title": "Security Bulletin: The Apache Log4j (CVE-2021-4104) vulnerability affects TPF Operations Server", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-04-21T15:51:54", "id": "3CBFD550ACC21F55BA277385D55E9A5728E39670190F73721EF53E5BD91FBBBF", "href": "https://www.ibm.com/support/pages/node/6574035", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:52:41", "description": "## Summary\n\nIBM Netezza Analytics for NPS uses Log4j version 1.x. IBM Netezza Analytics for NPS has addressed the aplicable CVE\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Netezza Analytics for NPS| All versions <= 11.2.23 \n \n## Remediation/Fixes\n\nProduct| VRMF| Remediation/First Fix \n---|---|--- \n \nIBM Netezza Analytics for NPS\n\n| 11.2.24| [Link to Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FWebSphere%2FIBM+Cloud+Private+for+Data+System&release=INZA_11.2&platform=All&function=fixId&fixids=11.2.24-WS-ICPDS-INZA-fp10905> \"Link to Fix Central\" ) \n \nNote: IBM Netezza Analytics for NPS addresses above CVE by removing log4j from IBM Netezza Analytics for NPS.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-03T14:32:29", "type": "ibm", "title": "Security Bulletin: Log4j vulnerability affects IBM Netezza Analytics for NPS", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-06-03T14:32:29", "id": "26DFDDEA8EB90F9881D2DF1DF2281A85874E3DEDC9CAEBB69B263FC6408C7D49", "href": "https://www.ibm.com/support/pages/node/6527820", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:59:47", "description": "## Summary\n\nThere is a vulnerability in Apache Log4j used by IBM Sterling Connect:Direct File Agent. IBM Sterling Connect:Direct File Agent has addressed the applicable CVE.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nSterling Connect Direct File Agent| 1.4 \n \n## Remediation/Fixes\n\nAffected Product(s)| Version(s)| APAR| Remediation / First Fix \n---|---|---|--- \nSterling Connect Direct File Agent| 1.4| n/a| Apply [1.4.0.2_iFix013](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Connect%3ADirect+File+Agent&release=1.4.0.2&platform=All&function=aparId&apars=IT39371,IT39415> \"1.4.0.2_iFix013\" ), available on IBM Fix Central \n \nFor unsupported versions IBM recommends upgrading to a fixed, supported version of the product.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-16T11:54:01", "type": "ibm", "title": "Security Bulletin: Apache Log4j Affects IBM Sterling Connect:Direct File Agent (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2021-12-16T11:54:01", "id": "AFD7DBF6EEC4522D8263C37017B0864C1F7BAB4FBD23EC03D38B2484DE07311A", "href": "https://www.ibm.com/support/pages/node/6526688", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:52:13", "description": "## Summary\n\nStoredIQ 7.6.0 is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-4104). Apache Log4j is used by StoredIQ 7.6.0 as part of its logging infrastructure. The fix includes Apache Log4j v2.17.1.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nStoredIQ| 7.6.0 - 7.6.0.22 \n \n\n\n## Remediation/Fixes\n\nUpgrade to fix pack 7.6.0.22 and apply interim fix siq_7_6_0_22_log4j_2_17_1_if that is available from Fix Central [https://www.ibm.com/support/fixcentral/. ](<https://www.ibm.com/support/fixcentral/>)Instructions are included in the ReadMe in the interim fix.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-17T21:34:55", "type": "ibm", "title": "Security Bulletin: StoredIQ Is Vulnerable To Arbitrary Code Execution Due To Apache Log4j (CVE-2021-4104).", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-06-17T21:34:55", "id": "57F982DDC8E03D61C084B264B2F96B821210E01A5741363B87BC4BC12601EF3E", "href": "https://www.ibm.com/support/pages/node/6596147", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:42:22", "description": "## Summary\n\nA vulnerability in Apache Log4j (CVE-2021-4104) has been identified that may affect IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data. Several components of IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data use Log4j to log diagnostic data unrelated to customer input. The fix below includes Log4j 2.17.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Watson Speech Services Cartridge for IBM Cloud Pak for Data| 4.0.0 - 4.0.4 \nIBM Watson Speech Services Cartridge for IBM Cloud Pak for Data| 1.2.0 -1.2.1 (Cloud Pak 3.5) \n \n\n\n## Remediation/Fixes\n\nAffected Products| Versions| Fixes \n---|---|--- \nIBM Watson Speech Services Cartridge for IBM Cloud Pak for Data| 4.0.0 - 4.0.4| v4.0.5 For Text to Speech: \n\n<https://www.ibm.com/docs/en/cloud-paks/cp-data/4.0?topic=services-watson-text-speech>\n\nv4.0.5 For Speech to Text:\n\n<https://www.ibm.com/docs/en/cloud-paks/cp-data/4.0?topic=services-watson-speech-text> \n \nIBM Watson Speech Services Cartridge for IBM Cloud Pak for Data| 1.2.0 -1.2.1 (Cloud Pak 3.5) | None available. Please install v4.0.5 \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-01-12T21:59:00", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Log4j may affect IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2023-01-12T21:59:00", "id": "A0B4098936C66E228AC654C663118F5F0E7E0914D4F2BB96A80428BB72E88742", "href": "https://www.ibm.com/support/pages/node/6551170", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:57:33", "description": "## Summary\n\nThe following vulnerability in Log4j has been addressed by IBM MegaRAID Storage Manager. This fix includes the removal of Log4j.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nMegaRAID Storage Manager| 17 \n \n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now. \nFirmware fix versions are available on Fix Central: <http://www.ibm.com/support/fixcentral/>\n\nProduct(s)| Version(s) \n---|--- \n \nMegaRAID Storage Manager\n\n(ibm_utl_msm_17.05.06.00_windows_32-64) \n\n| 17.05.06.00 \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-26T19:52:11", "type": "ibm", "title": "Security Bulletin: IBM MegaRAID Storage Manager is affected by a vulnerability in Log4j (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-01-26T19:52:11", "id": "7D41EC7322B1884F1456683D61F0429C832EB63621E340A85374D62A5B50036A", "href": "https://www.ibm.com/support/pages/node/6551146", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:45:41", "description": "## Summary\n\nApache Log4j 1.x vulnerabilities may impact IBM InfoSphere Information Server which uses Apache Log4j for logging.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n**DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nInfoSphere Information Server, InfoSphere Information Server on Cloud | 11.7 \n \n## Remediation/Fixes\n\n**Product** | **VRMF** | **APAR** | **Remediation** \n---|---|---|--- \nInfoSphere Information Server, InfoSphere Information Server on Cloud | 11.7 | [JR64781](<http://www.ibm.com/support/docview.wss?uid=swg1JR64781> \"JR64781\" ) | \\--Apply IBM InfoSphere Information Server version [11.7.1.0](<https://www.ibm.com/support/pages/node/878310>) \n\\--Apply IBM InfoSphere Information Server version [11.7.1.3](<https://www.ibm.com/support/pages/node/6498109> \"11.7.1.3\" ) \n\\--Apply Information Server [11.7.1.3 Service pack 4](<https://www.ibm.com/support/pages/node/6568469> \"11.7.1.3 Service pack 4\" ) \n \n(October 14, 2022) Other open source components usage of log4j version 1 was addressed in Information Server 11.7.1.4. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-14T22:12:50", "type": "ibm", "title": "Security Bulletin: IBM InfoSphere Information Server may be affected by vulnerabilities in Apache log4j 1.x version", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-10-14T22:12:50", "id": "5F63ABEFB797143F56BA76FEE84E3501E931CCBDCCE79A4A8D534956DD75AF3B", "href": "https://www.ibm.com/support/pages/node/6575541", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:45:50", "description": "## Summary\n\nIBM Operations Analytics Predictive Insights is affected by the Apache Log4j vulnerability in the JMSAppender in Log4j 1.2 allowing deserialization of untrusted data when the attacker has write access to the Log4j configuration. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Operations Analytics Predictive Insights| 1.3.3 \nIBM Operations Analytics Predictive Insights| 1.3.5 \nIBM Operations Analytics Predictive Insights| 1.3.6 \n \n\n\n## Remediation/Fixes\n\nPlease use the instructions and full details from the README that\u2019s in the IBM Operations Analytics Predictive Insights iFix6 tarball, and follow with the upgrade to iFix6. downloaded tarball.\n\nThe IBM Operations Analytics Predictive Insights iFix6 tarball is available [here](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Operations%20Analytics&product=ibm/Tivoli/IBM+SmartCloud+Analytics+-+Predictive+Insights&release=All&platform=Linux+64-bit,x86_64&function=all> \"here\" ). \n\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-12T08:38:26", "type": "ibm", "title": "Security Bulletin: IBM Operations Analytics Predictive Insights impacted by Apache Log4j vulnerabilities (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-10-12T08:38:26", "id": "88BEF8D462F9F45D43371BBC22C02A72C821C23EF01CD835DCD90CD91B6DEFC1", "href": "https://www.ibm.com/support/pages/node/6828741", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:52:05", "description": "## Summary\n\nApache Log4j is used by IBM Sterling Global Mailbox as part of its logging infrastructure. This fix includes Apache Log4j v2.17.1.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Global High Availability Mailbox| 6.0.3 \nIBM Sterling Global Mailbox| 6.1.0 \nIBM Sterling Global Mailbox| 6.1.1 \n \n\n\n## Remediation/Fixes\n\nRefer to the following security bulletins for vulnerability details and information about fixes addressed by Apache log4j library which is/are shipped with Global Mailbox.\n\n**Product(s)**\n\n| \n\n**Version(s)**\n\n| \n\n**Remediation/Fix** \n \n---|---|--- \n \nIBM Global High Availability Mailbox \n\n\n| \n\n6.0.3\n\n| See 6.0.3.6 section below \nIBM Sterling Global Mailbox \n\n\n| 6.1.0| \n\nSee 6.1.0.5 section below \n \n \nIBM Sterling Global Mailbox| 6.1.1| \n\nSee 6.1.1.1 section below \n \n \n**1) 6.0.3.6 is now available on Fix Central -**\n\n**IIM**\n\n**Sterling B2B Integrator**\n\n[https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+B2B+Integrator&release=6.0.3.5&platform=All&function=fixId&fixids=6.0.3.6-OtherSoftware-B2Bi-All&includeSupersedes=0](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+B2B+Integrator&release=6.0.3.5&platform=All&function=fixId&fixids=6.0.3.6-OtherSoftware-B2Bi-All&includeSupersedes=0>)\n\n**Sterling File Gateway**\n\n[https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+File+Gateway&release=6.0.3.5&platform=All&function=fixId&fixids=6.0.3.6-OtherSoftware-SFG-All&includeSupersedes=0](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+File+Gateway&release=6.0.3.5&platform=All&function=fixId&fixids=6.0.3.6-OtherSoftware-SFG-All&includeSupersedes=0>)\n\n**Docker**\n\n**Sterling B2B Integrator**\n\n[https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+B2B+Integrator&release=6.0.3.5&platform=All&function=fixId&fixids=6.0.3.6-OtherSoftware-B2Bi-Docker-All&includeSupersedes=0](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+B2B+Integrator&release=6.0.3.5&platform=All&function=fixId&fixids=6.0.3.6-OtherSoftware-B2Bi-Docker-All&includeSupersedes=0>)\n\n**Sterling File Gateway**\n\n[https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+File+Gateway&release=6.0.3.5&platform=All&function=fixId&fixids=6.0.3.6-OtherSoftware-SFG-Docker-All&includeSupersedes=0](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+File+Gateway&release=6.0.3.5&platform=All&function=fixId&fixids=6.0.3.6-OtherSoftware-SFG-Docker-All&includeSupersedes=0>)\n\n**2) 6.1.0.5 is now available on Fix Central - **\n\n**IIM**\n\n**Sterling B2B Integrator**\n\n[https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+B2B+Integrator&release=6.1.0.4&platform=All&function=fixId&fixids=6.1.0.5-OtherSoftware-B2Bi-All&includeSupersedes=0](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+B2B+Integrator&release=6.1.0.4&platform=All&function=fixId&fixids=6.1.0.5-OtherSoftware-B2Bi-All&includeSupersedes=0>)\n\n**Sterling File Gateway**\n\n[https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+File+Gateway&release=6.1.0.4&platform=All&function=fixId&fixids=6.1.0.5-OtherSoftware-SFG-All&includeSupersedes=0](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+File+Gateway&release=6.1.0.4&platform=All&function=fixId&fixids=6.1.0.5-OtherSoftware-SFG-All&includeSupersedes=0>)\n\n**IBM Sterling B2B Integrator V6.1.0.5**\n\n * Certified Container Image\n\n_cp.icr.io/cp/ibm-b2bi/b2bi:6.1.0.5_\n\n * Helm Chart\n\n<https://github.com/IBM/charts/blob/master/repo/ibm-helm/ibm-b2bi-prod-2.0.6.tgz>\n\n**IBM Sterling File Gateway V6.1.0.5**\n\n * Certified Container Image\n\n_cp.icr.io/cp/ibm-sfg/sfg:6.1.0.5_\n\n * Helm Chart\n\n_<https://github.com/IBM/charts/blob/master/repo/ibm-helm/ibm-sfg-prod-2.0.6.tgz>_\n\n**3) 6.1.1.1 is now available on Fix Central - **\n\n**Sterling B2B Integrator**\n\n[https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+B2B+Integrator&release=6.1.1.0&platform=All&function=fixId&fixids=6.1.1.1-OtherSoftware-B2Bi-All&includeSupersedes=0](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+B2B+Integrator&release=6.1.1.0&platform=All&function=fixId&fixids=6.1.1.1-OtherSoftware-B2Bi-All&includeSupersedes=0>)\n\n**Sterling File Gateway**\n\n[https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+File+Gateway&release=6.1.1.0&platform=All&function=fixId&fixids=6.1.1.1-OtherSoftware-SFG-All&includeSupersedes=0](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+File+Gateway&release=6.1.1.0&platform=All&function=fixId&fixids=6.1.1.1-OtherSoftware-SFG-All&includeSupersedes=0>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-22T07:14:39", "type": "ibm", "title": "Security Bulletin: IBM Sterling Global Mailbox is vulnerable to remote code execution due to Apache Log4j (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-06-22T07:14:39", "id": "2F6D6F1C528741F14485F042B34A95DE694B60A3181908A18D87FD341EB6EA6C", "href": "https://www.ibm.com/support/pages/node/6597519", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:56:15", "description": "## Summary\n\nIBM Netezza Analytics is a component in IBM Netezza for Cloud Pak. Apache Log4j is used by IBM Netezza Analytics as part of its logging infrastructure. Apache Log4J is affected by vulnerability (CVE-2021-4104). This Fix removes Apache Log4J from IBM Netezza Analytics component to remediate vulnerability.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Netezza for Cloud Pak for Data | 11.1.0.0 - 11.2.1.3 \n \n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now for affected versions listed by applying the fix. \n**\n\n**Product**| **Version**| **_Remediation/Fix_** \n---|---|--- \nIBM Netezza for Cloud Pak for Data| 11.2.1.4| [Link To Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FWebSphere%2FIBM+Cloud+Private+for+Data+System&release=NPS_11.2&platform=All&function=fixId&fixids=11.2.1.4-WS-ICPDS-NPS-fp11291> \"Link To Fix Central\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-25T13:25:06", "type": "ibm", "title": "Security Bulletin: IBM Netezza for Cloud Pak for Data is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-02-25T13:25:06", "id": "643467CC62A4AA0827E72D95EDF8439DE29D565BBC4287107E15278272180D23", "href": "https://www.ibm.com/support/pages/node/6559630", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:59:35", "description": "## Summary\n\nWe have identified that the IBM Kenexa LMS On Premise is affected by one or more security vulnerabilities. These have been tested in LMS 6.1.0 version.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Kenexa LMS on premise| LMS 6.1 and Below \n \n## Remediation/Fixes\n\nLMS uses Log4j 1.x version and the fix for this issue has been tested on IBM LMS 6.1.\n\n**Steps to Download from Fix Central**\n\n * Log in to Fix Central (<https://www-945.ibm.com/support/fixcentral/>)\n * Select \" IBM Kenexa LMS\u201d from the Product Selector dropdown\n * Select \"6.1\" from the Installed version dropdown\n * Select \"Windows\" from the Platform dropdown\n * Click \"Continue\"\n * Select \"Browse for Fixes\u201d and click \"Continue\"\n\n**Download log4jLMSfix.zip and Extract the following 2 files:**\n\n * libreplace.exe\n * log4j-core-2.15.0.jar\n\n**Steps to Follow in version 6.1:**\n\nSteps for deploying log4j fix:\n\n1\\. Copy libreplace.exe and log4j-core-2.15.0.jar into a new directory, e.g. c:\\log4jfix\n\n2\\. Start a command-prompt as administrator\n\n3\\. Change to new directory, e.g. cd /d c:\\log4jfix\n\n4\\. Stop all LMS\\Participate services\n\n5\\. Execute command-line:\n\nlibreplace.exe \"d:\\lmspe\\lms\" log4j*.jar log4j-core-2.15.0.jar . CONFIRM\n\n(\"d:\\lmspe\\lms\" represents your LMS directory, not your Participate directory)\n\n6\\. Notice log messages that look like \"log4j(etc).jar is now identical to log4j-core-2.15.0.jar\"; this confirms that changes have been made properly\n\n7\\. (*see note below) Execute command-line:\n\nlibreplace.exe \"d:\\lmspe\\pe101\" log4j*.jar log4j-core-2.15.0.jar . CONFIRM\n\n(\"d:\\lmspe\\pe101\" represents your Participate directory, not your LMS directory)\n\n8\\. Notice log messages that look like \"log4j(etc).jar is now identical to log4j-core-2.15.0.jar\"; this confirms that changes have been made properly\n\n9\\. Start LMS/Participate services\n\n***Note:** following step #7 will most likely break search function within Participate. Courses will still launch but searching for enrollments or any other listing of courses will not work. You can omit step #7 if this is loss of search function is unacceptable.\n\n**OPTIONAL - to rollback changes (if needed):**\n\n1\\. Stop all LMS services\n\n2\\. Find the .log file in e.g. c:\\log4jfix\n\n3\\. Find every line that starts with \"UNDO:\"\n\n4\\. Execute the OS command from command-line, which follows \"UNDO:\"\n\n5\\. Start LMS services\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-17T14:01:40", "type": "ibm", "title": "Security Bulletin: IBM Kenexa LMS On Premise -Log4j - CVE-2021-4104 (Publicly disclosed vulnerability)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2021-12-17T14:01:40", "id": "E7B26BFFEBAF5940128604225876F93CFFC27DB258C37295462DEA72EAA99A13", "href": "https://www.ibm.com/support/pages/node/6527844", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:59:36", "description": "## Summary\n\nWe have identified that the IBM Kenexa LCMS Premier is affected by one or more security vulnerabilities. These have been tested in LCMS Premier 13.x & 14.0 versions.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Kenexa LCMS Premier on premise| LCMS 14.0 and below \n \n\n\n## Remediation/Fixes\n\nLCMS uses Log4j 1.x version and fix for this issue has been tested on IBM LCMS 13.x & 14.0 versions\n\n**Steps to Download from Fix Central**\n\n * Log in to Fix Central (<https://www-945.ibm.com/support/fixcentral/>)\n * Select \"IBM Kenexa LCMS Premier\u201d from the Product Selector dropdown\n * Select \"14.0\" from the Installed version dropdown\n * Select \"Windows\" from the Platform dropdown\n * Click \"Continue\"\n * Select \"Browse for Fixes\u201d and click \"Continue\"\n\n**Download log4jLcmsfix.zip and Extract the following 2 files:**\n\n * libreplace.exe\n * log4j-core-2.15.0.jar\n\n**Steps to Follow:**\n\n**Steps for deploying log4j fix:**\n\n1\\. Copy libreplace.exe and log4j-core-2.15.0.jar into a new directory, e.g. c:\\log4jfix\n\n2\\. Start a command-prompt as administrator\n\n3\\. Change to new directory, e.g. cd /d c:\\log4jfix\n\n4\\. Stop all LCMS services\n\n5\\. Execute command-line:\n\nlibreplace.exe \"d:\\lcms\" log4j*.jar log4j-core-2.15.0.jar . CONFIRM\n\n(\"d:\\lcms\" represents your LCMS directory)\n\n6\\. Notice log messages that look like \"log4j(etc).jar is now identical to log4j-core-2.15.0.jar\"; this confirms that changes have been made properly\n\n7\\. Start LCMS services\n\n** **\n\n**OPTIONAL - to rollback changes(if needed):**\n\n1\\. Stop all LCMS services\n\n2\\. Find the .log file in e.g. c:\\log4jfix\n\n3\\. Find every line that starts with \"UNDO:\"\n\n4\\. Execute the OS command from command-line, which follows \"UNDO:\"\n\n5\\. Start LCMS services\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-17T13:59:19", "type": "ibm", "title": "Security Bulletin: IBM Kenexa LCMS Premier On Premise - Log4j - CVE-2021-4104 (Publicly disclosed vulnerability)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2021-12-17T13:59:19", "id": "A3752C1A8387F15196CA7D38FEBCF0DB0EFEE9BA80E9F901A057B44A5C47F353", "href": "https://www.ibm.com/support/pages/node/6527876", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:48:04", "description": "## Summary\n\nIBM Security Identity Governance and Intelligence (ISIGI) is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-4104). Apache Log4j is used as part of ISIGI's logging infrastructure. The fix includes Apache Log4j version 2.17.1.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Security Identity Governance and Intelligence| 5.2.6 \nIBM Security Identity Governance and Intelligence| 5.2.5 \nIBM Security Identity Governance and Intelligence| 5.2.4 \n \n## Remediation/Fixes\n\nIBM encourages customers to update their systems promptly.\n\n**Affected Product(s)**| **Version(s)**| **First Fix** \n---|---|--- \nIBM Security Identity Governance and Intelligence| 5.2.6| [5.2.6.0-ISS-SIGI-FP0004 ](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Identity+Governance&release=5.2.6.0&platform=All&function=fixId&fixids=5.2.6.0-ISS-SIGI-FP0004&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"5.2.6.0-ISS-SIGI-FP0004\" ) \nIBM Security Identity Governance and Intelligence| 5.2.5| [5.2.5.0-ISS-SIGI-FP0003](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Identity+Governance&release=5.2.5.0&platform=All&function=fixId&fixids=5.2.5.0-ISS-SIGI-FP0003&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"5.2.5.0-ISS-SIGI-FP0003\" ) \nIBM Security Identity Governance and Intelligence| 5.2.4| [5.2.4.0-ISS-SIGI-FP0003](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Identity+Governance&release=5.2.4.0&platform=All&function=fixId&fixids=5.2.4.0-ISS-SIGI-FP0003&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"5.2.4.0-ISS-SIGI-FP0003\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-15T11:42:56", "type": "ibm", "title": "Security Bulletin: IBM Security Identity Governance and Intelligence is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-09-15T11:42:56", "id": "5D920E9D5E204CFD2E98E2C7018611E5EB64DCF6A6E438058868CC33565AFED5", "href": "https://www.ibm.com/support/pages/node/6586512", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}], "redhatcve": [{"lastseen": "2023-09-01T00:43:46", "description": "A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests.\n#### Mitigation\n\nThese are the possible mitigations for this flaw for releases version 1.x: \n\n\n\\- Comment out or remove JMSSink in the Log4j configuration if it is used \n\\- Remove the JMSSink class from the server's jar files. For example: \n\n \n \n zip -q -d log4j-*.jar org/apache/log4j/net/JMSSink.class \n \n\n\\- Restrict access for the OS user on the platform running the application to prevent modifying the Log4j configuration by the attacker. \n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-18T15:47:25", "type": "redhatcve", "title": "CVE-2022-23302", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23302"], "modified": "2023-08-31T16:16:35", "id": "RH:CVE-2022-23302", "href": "https://access.redhat.com/security/cve/cve-2022-23302", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-09-30T09:33:38", "description": "A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.15.0. A remote attacker who can control log messages or log message parameters, can execute arbitrary code on the server via JNDI LDAP endpoint.\n#### Mitigation\n\nFor Log4j versions >=2.10 \nset the system property log4j2.formatMsgNoLookups or the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS to true \n\n\nFor Log4j versions >=2.7 and <=2.14.1 \nall PatternLayout patterns can be modified to specify the message converter as %m{nolookups} instead of just %m \n\n\nFor Log4j versions >=2.0-beta9 and <=2.10.0 \nremove the JndiLookup class from the classpath. For example: \n\n \n \n zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class \n \n\nOn OpenShift 4 and in OpenShift Logging, the above mitigation can be applied by following the steps in this article: <https://access.redhat.com/solutions/6578421> \n\n\nOn OpenShift 3.11, mitigation to the affected Elasticsearch component can be applied by following the steps in this article: <https://access.redhat.com/solutions/6578441> \n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-05-07T14:19:14", "type": "redhatcve", "title": "CVE-2021-44228", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105", "CVE-2022-23302", "CVE-2022-23305", "CVE-2022-23307"], "modified": "2023-09-30T07:23:06", "id": "RH:CVE-2021-44228", "href": "https://access.redhat.com/security/cve/cve-2021-44228", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "cnvd": [{"lastseen": "2022-11-05T07:01:12", "description": "Apache Log4j is a Java-based open source logging tool from the Apache Foundation. Apache log4j JMSSink is vulnerable to deserialized code execution. The vulnerability stems from insecure input validation when the program is processing serialized data. A remote attacker could exploit the vulnerability to pass specially crafted data to the application and execute arbitrary code on the target system.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-20T00:00:00", "type": "cnvd", "title": "Apache log4j JMSSink deserialization code execution vulnerability", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23302"], "modified": "2022-01-21T00:00:00", "id": "CNVD-2022-05852", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2022-05852", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2022-11-05T07:14:42", "description": "Apache Log4j is a Java-based open source logging tool from the Apache Foundation. Apache Log4j 1.2 is vulnerable to a code issue that could be exploited by attackers to run code via JMSApender deserialization.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-16T00:00:00", "type": "cnvd", "title": "Apache Log4j Code Execution Vulnerability", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-01-08T00:00:00", "id": "CNVD-2022-01775", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2022-01775", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}], "veracode": [{"lastseen": "2023-04-18T06:10:13", "description": "JMSSink in log4j is vulnerable to deserialization of untrusted object. The insecure use of JNDI in JMSSink allows an attacker to send malicious object in LDAP store if it is accessible by an attacker or is configured to use an untrusted site, leading to a remote code execution. Note: this vulnerability only affects the applications specifically configured to use JMSSink, which is not the default. \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-19T08:50:05", "type": "veracode", "title": "Deserialisation Of Untrusted Object", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23302"], "modified": "2023-02-24T17:56:48", "id": "VERACODE:33763", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-33763/summary", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-05-26T14:35:24", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0290 advisory.\n\n - log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender (CVE-2021-4104)\n\n - log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink (CVE-2022-23302)\n\n - log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender (CVE-2022-23305)\n\n - log4j: Unsafe deserialization flaw in Chainsaw log viewer (CVE-2022-23307)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-11T00:00:00", "type": "nessus", "title": "RHEL 8 : parfait:0.5 (RHSA-2022:0290)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-4104", "CVE-2022-23302", "CVE-2022-23305", "CVE-2022-23307"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:parfait", "p-cpe:/a:redhat:enterprise_linux:parfait-examples", "p-cpe:/a:redhat:enterprise_linux:parfait-javadoc", "p-cpe:/a:redhat:enterprise_linux:pcp-parfait-agent", "p-cpe:/a:redhat:enterprise_linux:si-units", "p-cpe:/a:redhat:enterprise_linux:si-units-javadoc", "p-cpe:/a:redhat:enterprise_linux:unit-api", "p-cpe:/a:redhat:enterprise_linux:unit-api-javadoc", "p-cpe:/a:redhat:enterprise_linux:uom-lib", "p-cpe:/a:redhat:enterprise_linux:uom-lib-javadoc", "p-cpe:/a:redhat:enterprise_linux:uom-parent", "p-cpe:/a:redhat:enterprise_linux:uom-se", "p-cpe:/a:redhat:enterprise_linux:uom-se-javadoc", "p-cpe:/a:redhat:enterprise_linux:uom-systems", "p-cpe:/a:redhat:enterprise_linux:uom-systems-javadoc"], "id": "REDHAT-RHSA-2022-0290.NASL", "href": "https://www.tenable.com/plugins/nessus/157904", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:0290. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157904);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2021-4104\",\n \"CVE-2022-23302\",\n \"CVE-2022-23305\",\n \"CVE-2022-23307\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0573\");\n script_xref(name:\"RHSA\", value:\"2022:0290\");\n\n script_name(english:\"RHEL 8 : parfait:0.5 (RHSA-2022:0290)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:0290 advisory.\n\n - log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender\n (CVE-2021-4104)\n\n - log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink (CVE-2022-23302)\n\n - log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender (CVE-2022-23305)\n\n - log4j: Unsafe deserialization flaw in Chainsaw log viewer (CVE-2022-23307)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-4104\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-23302\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-23305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-23307\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:0290\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2031667\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2041949\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2041959\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2041967\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23307\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-23305\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 89, 502);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:parfait\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:parfait-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:parfait-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pcp-parfait-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:si-units\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:si-units-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:unit-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:unit-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:uom-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:uom-lib-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:uom-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:uom-se\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:uom-se-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:uom-systems\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:uom-systems-javadoc\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar appstreams = {\n 'parfait:0.5': [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.6/ppc64le/appstream/os',\n 'content/eus/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.6/ppc64le/baseos/os',\n 'content/eus/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap/os',\n 'content/eus/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/appstream/debug',\n 'content/eus/rhel8/8.6/s390x/appstream/os',\n 'content/eus/rhel8/8.6/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/baseos/debug',\n 'content/eus/rhel8/8.6/s390x/baseos/os',\n 'content/eus/rhel8/8.6/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/highavailability/debug',\n 'content/eus/rhel8/8.6/s390x/highavailability/os',\n 'content/eus/rhel8/8.6/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/sap/debug',\n 'content/eus/rhel8/8.6/s390x/sap/os',\n 'content/eus/rhel8/8.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/supplementary/debug',\n 'content/eus/rhel8/8.6/s390x/supplementary/os',\n 'content/eus/rhel8/8.6/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'parfait-0.5.4-4.module+el8.5.0+13988+de2b8c0b', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'parfait-examples-0.5.4-4.module+el8.5.0+13988+de2b8c0b', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'parfait-javadoc-0.5.4-4.module+el8.5.0+13988+de2b8c0b', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pcp-parfait-agent-0.5.4-4.module+el8.5.0+13988+de2b8c0b', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'si-units-0.6.5-2.module+el8+2463+615f6896', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'si-units-javadoc-0.6.5-2.module+el8+2463+615f6896', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unit-api-1.0-5.module+el8+2463+615f6896', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unit-api-javadoc-1.0-5.module+el8+2463+615f6896', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'uom-lib-1.0.1-6.module+el8+2463+615f6896', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'uom-lib-javadoc-1.0.1-6.module+el8+2463+615f6896', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'uom-parent-1.0.3-3.module+el8+2463+615f6896', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'uom-se-1.0.4-3.module+el8+2463+615f6896', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'uom-se-javadoc-1.0.4-3.module+el8+2463+615f6896', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'uom-systems-0.7-1.module+el8+2463+615f6896', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'uom-systems-javadoc-0.7-1.module+el8+2463+615f6896', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'parfait-0.5.4-4.module+el8.5.0+13988+de2b8c0b', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'parfait-examples-0.5.4-4.module+el8.5.0+13988+de2b8c0b', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'parfait-javadoc-0.5.4-4.module+el8.5.0+13988+de2b8c0b', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pcp-parfait-agent-0.5.4-4.module+el8.5.0+13988+de2b8c0b', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'si-units-0.6.5-2.module+el8+2463+615f6896', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'si-units-javadoc-0.6.5-2.module+el8+2463+615f6896', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unit-api-1.0-5.module+el8+2463+615f6896', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unit-api-javadoc-1.0-5.module+el8+2463+615f6896', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'uom-lib-1.0.1-6.module+el8+2463+615f6896', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'uom-lib-javadoc-1.0.1-6.module+el8+2463+615f6896', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'uom-parent-1.0.3-3.module+el8+2463+615f6896', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'uom-se-1.0.4-3.module+el8+2463+615f6896', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'uom-se-javadoc-1.0.4-3.module+el8+2463+615f6896', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'uom-systems-0.7-1.module+el8+2463+615f6896', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'uom-systems-javadoc-0.7-1.module+el8+2463+615f6896', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n ]\n};\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:appstreams, appstreams:TRUE);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/parfait');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module parfait:0.5');\nif ('0.5' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module parfait:' + module_ver);\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach var module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach var module_array ( appstreams[module] ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(module_array['repo_relative_urls'])) repo_relative_urls = module_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var package_array ( module_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp']) && !enterprise_linux_flag) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module parfait:0.5');\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'parfait / parfait-examples / parfait-javadoc / pcp-parfait-agent / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-21T14:15:32", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0475 advisory.\n\n - log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender (CVE-2021-4104)\n\n - log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink (CVE-2022-23302)\n\n - log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender (CVE-2022-23305)\n\n - log4j: Unsafe deserialization flaw in Chainsaw log viewer (CVE-2022-23307)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-09T00:00:00", "type": "nessus", "title": "RHEL 8 : RHV Manager (ovirt-engine) security update [ovirt-4.4.10-1] (Low) (RHSA-2022:0475)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-4104", "CVE-2022-23302", "CVE-2022-23305", "CVE-2022-23307"], "modified": "2023-02-02T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:ovirt-engine", "p-cpe:/a:redhat:enterprise_linux:ovirt-engine-backend", "p-cpe:/a:redhat:enterprise_linux:ovirt-engine-dbscripts", "p-cpe:/a:redhat:enterprise_linux:ovirt-engine-health-check-bundler", "p-cpe:/a:redhat:enterprise_linux:ovirt-engine-restapi", "p-cpe:/a:redhat:enterprise_linux:ovirt-engine-setup", "p-cpe:/a:redhat:enterprise_linux:ovirt-engine-setup-base", "p-cpe:/a:redhat:enterprise_linux:ovirt-engine-setup-plugin-cinderlib", "p-cpe:/a:redhat:enterprise_linux:ovirt-engine-setup-plugin-imageio", "p-cpe:/a:redhat:enterprise_linux:ovirt-engine-setup-plugin-ovirt-engine", "p-cpe:/a:redhat:enterprise_linux:ovirt-engine-setup-plugin-ovirt-engine-common", "p-cpe:/a:redhat:enterprise_linux:ovirt-engine-setup-plugin-vmconsole-proxy-helper", "p-cpe:/a:redhat:enterprise_linux:ovirt-engine-setup-plugin-websocket-proxy", "p-cpe:/a:redhat:enterprise_linux:ovirt-engine-tools", "p-cpe:/a:redhat:enterprise_linux:ovirt-engine-tools-backup", "p-cpe:/a:redhat:enterprise_linux:ovirt-engine-vmconsole-proxy-helper", "p-cpe:/a:redhat:enterprise_linux:ovirt-engine-webadmin-portal", "p-cpe:/a:redhat:enterprise_linux:ovirt-engine-websocket-proxy", "p-cpe:/a:redhat:enterprise_linux:python3-ovirt-engine-lib", "p-cpe:/a:redhat:enterprise_linux:rhvm", "p-cpe:/a:redhat:enterprise_linux:snmp4j", "p-cpe:/a:redhat:enterprise_linux:snmp4j-javadoc"], "id": "REDHAT-RHSA-2022-0475.NASL", "href": "https://www.tenable.com/plugins/nessus/157854", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:0475. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157854);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/02\");\n\n script_cve_id(\n \"CVE-2021-4104\",\n \"CVE-2022-23302\",\n \"CVE-2022-23305\",\n \"CVE-2022-23307\"\n );\n script_xref(name:\"RHSA\", value:\"2022:0475\");\n script_xref(name:\"IAVA\", value:\"2021-A-0573\");\n\n script_name(english:\"RHEL 8 : RHV Manager (ovirt-engine) security update [ovirt-4.4.10-1] (Low) (RHSA-2022:0475)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:0475 advisory.\n\n - log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender\n (CVE-2021-4104)\n\n - log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink (CVE-2022-23302)\n\n - log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender (CVE-2022-23305)\n\n - log4j: Unsafe deserialization flaw in Chainsaw log viewer (CVE-2022-23307)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-4104\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-23302\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-23305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-23307\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:0475\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2031667\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2041949\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2041959\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2041967\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23307\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-23305\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 89, 502);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ovirt-engine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ovirt-engine-backend\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ovirt-engine-dbscripts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ovirt-engine-health-check-bundler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ovirt-engine-restapi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ovirt-engine-setup\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ovirt-engine-setup-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ovirt-engine-setup-plugin-cinderlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ovirt-engine-setup-plugin-imageio\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ovirt-engine-setup-plugin-ovirt-engine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ovirt-engine-setup-plugin-ovirt-engine-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ovirt-engine-setup-plugin-vmconsole-proxy-helper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ovirt-engine-setup-plugin-websocket-proxy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ovirt-engine-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ovirt-engine-tools-backup\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ovirt-engine-vmconsole-proxy-helper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ovirt-engine-webadmin-portal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ovirt-engine-websocket-proxy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-ovirt-engine-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:snmp4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:snmp4j-javadoc\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/layered/rhel8/x86_64/rhv-manager/4.4/debug',\n 'content/dist/layered/rhel8/x86_64/rhv-manager/4.4/os',\n 'content/dist/layered/rhel8/x86_64/rhv-manager/4.4/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'ovirt-engine-4.4.10.6-0.1.el8ev', 'release':'8', 'el_string':'el8ev', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rhevm-4'},\n {'reference':'ovirt-engine-backend-4.4.10.6-0.1.el8ev', 'release':'8', 'el_string':'el8ev', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rhevm-4'},\n {'reference':'ovirt-engine-dbscripts-4.4.10.6-0.1.el8ev', 'release':'8', 'el_string':'el8ev', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rhevm-4'},\n {'reference':'ovirt-engine-health-check-bundler-4.4.10.6-0.1.el8ev', 'release':'8', 'el_string':'el8ev', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rhevm-4'},\n {'reference':'ovirt-engine-restapi-4.4.10.6-0.1.el8ev', 'release':'8', 'el_string':'el8ev', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rhevm-4'},\n {'reference':'ovirt-engine-setup-4.4.10.6-0.1.el8ev', 'release':'8', 'el_string':'el8ev', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rhevm-4'},\n {'reference':'ovirt-engine-setup-base-4.4.10.6-0.1.el8ev', 'release':'8', 'el_string':'el8ev', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rhevm-4'},\n {'reference':'ovirt-engine-setup-plugin-cinderlib-4.4.10.6-0.1.el8ev', 'release':'8', 'el_string':'el8ev', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rhevm-4'},\n {'reference':'ovirt-engine-setup-plugin-imageio-4.4.10.6-0.1.el8ev', 'release':'8', 'el_string':'el8ev', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rhevm-4'},\n {'reference':'ovirt-engine-setup-plugin-ovirt-engine-4.4.10.6-0.1.el8ev', 'release':'8', 'el_string':'el8ev', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rhevm-4'},\n {'reference':'ovirt-engine-setup-plugin-ovirt-engine-common-4.4.10.6-0.1.el8ev', 'release':'8', 'el_string':'el8ev', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rhevm-4'},\n {'reference':'ovirt-engine-setup-plugin-vmconsole-proxy-helper-4.4.10.6-0.1.el8ev', 'release':'8', 'el_string':'el8ev', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rhevm-4'},\n {'reference':'ovirt-engine-setup-plugin-websocket-proxy-4.4.10.6-0.1.el8ev', 'release':'8', 'el_string':'el8ev', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rhevm-4'},\n {'reference':'ovirt-engine-tools-4.4.10.6-0.1.el8ev', 'release':'8', 'el_string':'el8ev', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rhevm-4'},\n {'reference':'ovirt-engine-tools-backup-4.4.10.6-0.1.el8ev', 'release':'8', 'el_string':'el8ev', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rhevm-4'},\n {'reference':'ovirt-engine-vmconsole-proxy-helper-4.4.10.6-0.1.el8ev', 'release':'8', 'el_string':'el8ev', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rhevm-4'},\n {'reference':'ovirt-engine-webadmin-portal-4.4.10.6-0.1.el8ev', 'release':'8', 'el_string':'el8ev', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rhevm-4'},\n {'reference':'ovirt-engine-websocket-proxy-4.4.10.6-0.1.el8ev', 'release':'8', 'el_string':'el8ev', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rhevm-4'},\n {'reference':'python3-ovirt-engine-lib-4.4.10.6-0.1.el8ev', 'release':'8', 'el_string':'el8ev', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rhevm-4'},\n {'reference':'rhvm-4.4.10.6-0.1.el8ev', 'release':'8', 'el_string':'el8ev', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rhevm-4'},\n {'reference':'snmp4j-3.6.4-0.1.el8ev', 'release':'8', 'el_string':'el8ev', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rhevm-4'},\n {'reference':'snmp4j-javadoc-3.6.4-0.1.el8ev', 'release':'8', 'el_string':'el8ev', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rhevm-4'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ovirt-engine / ovirt-engine-backend / ovirt-engine-dbscripts / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:41:43", "description": "The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0438 advisory.\n\n - log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender (CVE-2021-4104)\n\n - log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink (CVE-2022-23302)\n\n - log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender (CVE-2022-23305)\n\n - log4j: Unsafe deserialization flaw in Chainsaw log viewer (CVE-2022-23307)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-04T00:00:00", "type": "nessus", "title": "RHEL 6 / 7 : Red Hat JBoss Enterprise Application Platform 6.4 (RHSA-2022:0438)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-4104", "CVE-2022-23302", "CVE-2022-23305", "CVE-2022-23307"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:log4j-eap6"], "id": "REDHAT-RHSA-2022-0438.NASL", "href": "https://www.tenable.com/plugins/nessus/157374", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:0438. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157374);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2021-4104\",\n \"CVE-2022-23302\",\n \"CVE-2022-23305\",\n \"CVE-2022-23307\"\n );\n script_xref(name:\"RHSA\", value:\"2022:0438\");\n script_xref(name:\"IAVA\", value:\"2021-A-0573\");\n\n script_name(english:\"RHEL 6 / 7 : Red Hat JBoss Enterprise Application Platform 6.4 (RHSA-2022:0438)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:0438 advisory.\n\n - log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender\n (CVE-2021-4104)\n\n - log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink (CVE-2022-23302)\n\n - log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender (CVE-2022-23305)\n\n - log4j: Unsafe deserialization flaw in Chainsaw log viewer (CVE-2022-23307)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-4104\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-23302\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-23305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-23307\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:0438\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2031667\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2041949\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2041959\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2041967\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected log4j-eap6 and / or log4j-jboss-logmanager packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23307\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-23305\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 89, 502);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:log4j-eap6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release_list(operator: 'ge', os_version: os_ver, rhel_versions: ['6','7'])) audit(AUDIT_OS_NOT, 'Red Hat 6.x / 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel/power/6/6Server/ppc64/jbeap/6.3/debug',\n 'content/dist/rhel/power/6/6Server/ppc64/jbeap/6.3/os',\n 'content/dist/rhel/power/6/6Server/ppc64/jbeap/6.3/source/SRPMS',\n 'content/dist/rhel/power/6/6Server/ppc64/jbeap/6.4/debug',\n 'content/dist/rhel/power/6/6Server/ppc64/jbeap/6.4/os',\n 'content/dist/rhel/power/6/6Server/ppc64/jbeap/6.4/source/SRPMS',\n 'content/dist/rhel/power/6/6Server/ppc64/jbeap/6/debug',\n 'content/dist/rhel/power/6/6Server/ppc64/jbeap/6/os',\n 'content/dist/rhel/power/6/6Server/ppc64/jbeap/6/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/i386/jbeap/6.3/debug',\n 'content/dist/rhel/server/6/6Server/i386/jbeap/6.3/os',\n 'content/dist/rhel/server/6/6Server/i386/jbeap/6.3/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/i386/jbeap/6.4/debug',\n 'content/dist/rhel/server/6/6Server/i386/jbeap/6.4/os',\n 'content/dist/rhel/server/6/6Server/i386/jbeap/6.4/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/i386/jbeap/6/debug',\n 'content/dist/rhel/server/6/6Server/i386/jbeap/6/os',\n 'content/dist/rhel/server/6/6Server/i386/jbeap/6/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/jbeap/6.3/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/jbeap/6.3/os',\n 'content/dist/rhel/server/6/6Server/x86_64/jbeap/6.3/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/jbeap/6.4/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/jbeap/6.4/os',\n 'content/dist/rhel/server/6/6Server/x86_64/jbeap/6.4/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/jbeap/6/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/jbeap/6/os',\n 'content/dist/rhel/server/6/6Server/x86_64/jbeap/6/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'log4j-eap6-1.2.17-3.redhat_00008.1.ep6.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap6-jboss'},\n {'reference':'log4j-jboss-logmanager-1.1.4-3.Final_redhat_00002.1.ep6.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap6-jboss'}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel/power/7/7Server/ppc64/jbeap/6.3/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/jbeap/6.3/os',\n 'content/dist/rhel/power/7/7Server/ppc64/jbeap/6.3/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/jbeap/6.4/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/jbeap/6.4/os',\n 'content/dist/rhel/power/7/7Server/ppc64/jbeap/6.4/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/jbeap/6/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/jbeap/6/os',\n 'content/dist/rhel/power/7/7Server/ppc64/jbeap/6/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/jbeap/6.3/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/jbeap/6.3/os',\n 'content/dist/rhel/server/7/7Server/x86_64/jbeap/6.3/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/jbeap/6.4/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/jbeap/6.4/os',\n 'content/dist/rhel/server/7/7Server/x86_64/jbeap/6.4/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/jbeap/6/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/jbeap/6/os',\n 'content/dist/rhel/server/7/7Server/x86_64/jbeap/6/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'log4j-eap6-1.2.17-3.redhat_00008.1.ep6.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap6-jboss'},\n {'reference':'log4j-jboss-logmanager-1.1.4-3.Final_redhat_00002.1.ep6.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap6-jboss'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'log4j-eap6 / log4j-jboss-logmanager');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T18:32:55", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0294 advisory.\n\n - log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender (CVE-2021-4104)\n\n - log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink (CVE-2022-23302)\n\n - log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender (CVE-2022-23305)\n\n - log4j: Unsafe deserialization flaw in Chainsaw log viewer (CVE-2022-23307)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-08T00:00:00", "type": "nessus", "title": "RHEL 8 : parfait:0.5 (RHSA-2022:0294)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-4104", "CVE-2022-23302", "CVE-2022-23305", "CVE-2022-23307"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:rhel_e4s:8.1", "p-cpe:/a:redhat:enterprise_linux:parfait", "p-cpe:/a:redhat:enterprise_linux:parfait-examples", "p-cpe:/a:redhat:enterprise_linux:parfait-javadoc", "p-cpe:/a:redhat:enterprise_linux:pcp-parfait-agent", "p-cpe:/a:redhat:enterprise_linux:si-units", "p-cpe:/a:redhat:enterprise_linux:si-units-javadoc", "p-cpe:/a:redhat:enterprise_linux:unit-api", "p-cpe:/a:redhat:enterprise_linux:unit-api-javadoc", "p-cpe:/a:redhat:enterprise_linux:uom-lib", "p-cpe:/a:redhat:enterprise_linux:uom-lib-javadoc", "p-cpe:/a:redhat:enterprise_linux:uom-parent", "p-cpe:/a:redhat:enterprise_linux:uom-se", "p-cpe:/a:redhat:enterprise_linux:uom-se-javadoc", "p-cpe:/a:redhat:enterprise_linux:uom-systems", "p-cpe:/a:redhat:enterprise_linux:uom-systems-javadoc"], "id": "REDHAT-RHSA-2022-0294.NASL", "href": "https://www.tenable.com/plugins/nessus/164861", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:0294. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164861);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2021-4104\",\n \"CVE-2022-23302\",\n \"CVE-2022-23305\",\n \"CVE-2022-23307\"\n );\n script_xref(name:\"RHSA\", value:\"2022:0294\");\n\n script_name(english:\"RHEL 8 : parfait:0.5 (RHSA-2022:0294)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:0294 advisory.\n\n - log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender\n (CVE-2021-4104)\n\n - log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink (CVE-2022-23302)\n\n - log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender (CVE-2022-23305)\n\n - log4j: Unsafe deserialization flaw in Chainsaw log viewer (CVE-2022-23307)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-4104\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-23302\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-23305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-23307\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:0294\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2031667\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2041949\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2041959\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2041967\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23307\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-23305\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 89, 502);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:parfait\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:parfait-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:parfait-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pcp-parfait-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:si-units\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:si-units-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:unit-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:unit-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:uom-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:uom-lib-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:uom-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:uom-se\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:uom-se-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:uom-systems\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:uom-systems-javadoc\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.1')) audit(AUDIT_OS_NOT, 'Red Hat 8.1', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar appstreams = {\n 'parfait:0.5': [\n {\n 'repo_relative_urls': [\n 'content/e4s/rhel8/8.1/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.1/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.1/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.1/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.1/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.1/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.1/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.1/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.1/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.1/ppc64le/sap/os',\n 'content/e4s/rhel8/8.1/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.1/x86_64/appstream/os',\n 'content/e4s/rhel8/8.1/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.1/x86_64/baseos/os',\n 'content/e4s/rhel8/8.1/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/sap/debug',\n 'content/e4s/rhel8/8.1/x86_64/sap/os',\n 'content/e4s/rhel8/8.1/x86_64/sap/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'parfait-0.5.4-4.module+el8.1.0+14000+df5fdac7', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'parfait-examples-0.5.4-4.module+el8.1.0+14000+df5fdac7', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'parfait-javadoc-0.5.4-4.module+el8.1.0+14000+df5fdac7', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pcp-parfait-agent-0.5.4-4.module+el8.1.0+14000+df5fdac7', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'si-units-0.6.5-2.module+el8+2463+615f6896', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'si-units-javadoc-0.6.5-2.module+el8+2463+615f6896', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unit-api-1.0-5.module+el8+2463+615f6896', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unit-api-javadoc-1.0-5.module+el8+2463+615f6896', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'uom-lib-1.0.1-6.module+el8+2463+615f6896', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'uom-lib-javadoc-1.0.1-6.module+el8+2463+615f6896', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'uom-parent-1.0.3-3.module+el8+2463+615f6896', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'uom-se-1.0.4-3.module+el8+2463+615f6896', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'uom-se-javadoc-1.0.4-3.module+el8+2463+615f6896', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'uom-systems-0.7-1.module+el8+2463+615f6896', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'uom-systems-javadoc-0.7-1.module+el8+2463+615f6896', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n ]\n};\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:appstreams, appstreams:TRUE);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/parfait');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module parfait:0.5');\nif ('0.5' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module parfait:' + module_ver);\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach var module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach var module_array ( appstreams[module] ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(module_array['repo_relative_urls'])) repo_relative_urls = module_array['repo_relative_urls'];\n foreach var package_array ( module_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module parfait:0.5');\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Update Services for SAP Solutions repository.\\n' +\n 'Access to this repository requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'parfait / parfait-examples / parfait-javadoc / pcp-parfait-agent / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T18:31:54", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0291 advisory.\n\n - log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender (CVE-2021-4104)\n\n - log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink (CVE-2022-23302)\n\n - log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender (CVE-2022-23305)\n\n - log4j: Unsafe deserialization flaw in Chainsaw log viewer (CVE-2022-23307)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-08T00:00:00", "type": "nessus", "title": "RHEL 8 : parfait:0.5 (RHSA-2022:0291)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-4104", "CVE-2022-23302", "CVE-2022-23305", "CVE-2022-23307"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:8.2", "cpe:/o:redhat:rhel_e4s:8.2", "cpe:/o:redhat:rhel_eus:8.2", "cpe:/o:redhat:rhel_tus:8.2", "p-cpe:/a:redhat:enterprise_linux:parfait", "p-cpe:/a:redhat:enterprise_linux:parfait-examples", "p-cpe:/a:redhat:enterprise_linux:parfait-javadoc", "p-cpe:/a:redhat:enterprise_linux:pcp-parfait-agent", "p-cpe:/a:redhat:enterprise_linux:si-units", "p-cpe:/a:redhat:enterprise_linux:si-units-javadoc", "p-cpe:/a:redhat:enterprise_linux:unit-api", "p-cpe:/a:redhat:enterprise_linux:unit-api-javadoc", "p-cpe:/a:redhat:enterprise_linux:uom-lib", "p-cpe:/a:redhat:enterprise_linux:uom-lib-javadoc", "p-cpe:/a:redhat:enterprise_linux:uom-parent", "p-cpe:/a:redhat:enterprise_linux:uom-se", "p-cpe:/a:redhat:enterprise_linux:uom-se-javadoc", "p-cpe:/a:redhat:enterprise_linux:uom-systems", "p-cpe:/a:redhat:enterprise_linux:uom-systems-javadoc"], "id": "REDHAT-RHSA-2022-0291.NASL", "href": "https://www.tenable.com/plugins/nessus/164870", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:0291. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164870);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2021-4104\",\n \"CVE-2022-23302\",\n \"CVE-2022-23305\",\n \"CVE-2022-23307\"\n );\n script_xref(name:\"RHSA\", value:\"2022:0291\");\n\n script_name(english:\"RHEL 8 : parfait:0.5 (RHSA-2022:0291)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:0291 advisory.\n\n - log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender\n (CVE-2021-4104)\n\n - log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink (CVE-2022-23302)\n\n - log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender (CVE-2022-23305)\n\n - log4j: Unsafe deserialization flaw in Chainsaw log viewer (CVE-2022-23307)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-4104\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-23302\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-23305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-23307\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:0291\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2031667\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2041949\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2041959\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2041967\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23307\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-23305\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 89, 502);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:parfait\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:parfait-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:parfait-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pcp-parfait-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:si-units\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:si-units-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:unit-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:unit-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:uom-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:uom-lib-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:uom-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:uom-se\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:uom-se-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:uom-systems\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:uom-systems-javadoc\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.2')) audit(AUDIT_OS_NOT, 'Red Hat 8.2', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar appstreams = {\n 'parfait:0.5': [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.2/x86_64/appstream/debug',\n 'content/aus/rhel8/8.2/x86_64/appstream/os',\n 'content/aus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.2/x86_64/baseos/debug',\n 'content/aus/rhel8/8.2/x86_64/baseos/os',\n 'content/aus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.2/ppc64le/sap/os',\n 'content/e4s/rhel8/8.2/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.2/x86_64/appstream/os',\n 'content/e4s/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.2/x86_64/baseos/os',\n 'content/e4s/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap/os',\n 'content/e4s/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/appstream/debug',\n 'content/eus/rhel8/8.2/aarch64/appstream/os',\n 'content/eus/rhel8/8.2/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/baseos/debug',\n 'content/eus/rhel8/8.2/aarch64/baseos/os',\n 'content/eus/rhel8/8.2/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.2/aarch64/highavailability/os',\n 'content/eus/rhel8/8.2/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.2/aarch64/supplementary/os',\n 'content/eus/rhel8/8.2/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.2/ppc64le/appstream/os',\n 'content/eus/rhel8/8.2/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.2/ppc64le/baseos/os',\n 'content/eus/rhel8/8.2/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/sap/debug',\n 'content/eus/rhel8/8.2/ppc64le/sap/os',\n 'content/eus/rhel8/8.2/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/appstream/debug',\n 'content/eus/rhel8/8.2/s390x/appstream/os',\n 'content/eus/rhel8/8.2/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/baseos/debug',\n 'content/eus/rhel8/8.2/s390x/baseos/os',\n 'content/eus/rhel8/8.2/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/highavailability/debug',\n 'content/eus/rhel8/8.2/s390x/highavailability/os',\n 'content/eus/rhel8/8.2/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/sap/debug',\n 'content/eus/rhel8/8.2/s390x/sap/os',\n 'content/eus/rhel8/8.2/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/supplementary/debug',\n 'content/eus/rhel8/8.2/s390x/supplementary/os',\n 'content/eus/rhel8/8.2/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/appstream/debug',\n 'content/eus/rhel8/8.2/x86_64/appstream/os',\n 'content/eus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/baseos/debug',\n 'content/eus/rhel8/8.2/x86_64/baseos/os',\n 'content/eus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.2/x86_64/highavailability/os',\n 'content/eus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap/debug',\n 'content/eus/rhel8/8.2/x86_64/sap/os',\n 'content/eus/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.2/x86_64/supplementary/os',\n 'content/eus/rhel8/8.2/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/appstream/debug',\n 'content/tus/rhel8/8.2/x86_64/appstream/os',\n 'content/tus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/baseos/debug',\n 'content/tus/rhel8/8.2/x86_64/baseos/os',\n 'content/tus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.2/x86_64/highavailability/os',\n 'content/tus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/nfv/debug',\n 'content/tus/rhel8/8.2/x86_64/nfv/os',\n 'content/tus/rhel8/8.2/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/rt/debug',\n 'content/tus/rhel8/8.2/x86_64/rt/os',\n 'content/tus/rhel8/8.2/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'parfait-0.5.4-4.module+el8.2.0+13999+fa2fb353', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'parfait-examples-0.5.4-4.module+el8.2.0+13999+fa2fb353', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'parfait-javadoc-0.5.4-4.module+el8.2.0+13999+fa2fb353', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pcp-parfait-agent-0.5.4-4.module+el8.2.0+13999+fa2fb353', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'si-units-0.6.5-2.module+el8+2463+615f6896', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'si-units-javadoc-0.6.5-2.module+el8+2463+615f6896', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unit-api-1.0-5.module+el8+2463+615f6896', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unit-api-javadoc-1.0-5.module+el8+2463+615f6896', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'uom-lib-1.0.1-6.module+el8+2463+615f6896', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'uom-lib-javadoc-1.0.1-6.module+el8+2463+615f6896', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'uom-parent-1.0.3-3.module+el8+2463+615f6896', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'uom-se-1.0.4-3.module+el8+2463+615f6896', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'uom-se-javadoc-1.0.4-3.module+el8+2463+615f6896', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'uom-systems-0.7-1.module+el8+2463+615f6896', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'uom-systems-javadoc-0.7-1.module+el8+2463+615f6896', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n ]\n};\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:appstreams, appstreams:TRUE);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/parfait');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module parfait:0.5');\nif ('0.5' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module parfait:' + module_ver);\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach var module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach var module_array ( appstreams[module] ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(module_array['repo_relative_urls'])) repo_relative_urls = module_array['repo_relative_urls'];\n foreach var package_array ( module_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module parfait:0.5');\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'parfait / parfait-examples / parfait-javadoc / pcp-parfait-agent / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:41:01", "description": "The remote Redhat Enterprise Linux 7 / 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0436 advisory.\n\n - log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender (CVE-2021-4104)\n\n - log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink (CVE-2022-23302)\n\n - log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender (CVE-2022-23305)\n\n - log4j: Unsafe deserialization flaw in Chainsaw log viewer (CVE-2022-23307)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-04T00:00:00", "type": "nessus", "title": "RHEL 7 / 8 : Red Hat JBoss Enterprise Application Platform 7.4 (RHSA-2022:0436)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-4104", "CVE-2022-23302", "CVE-2022-23305", "CVE-2022-23307"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:8"], "id": "REDHAT-RHSA-2022-0436.NASL", "href": "https://www.tenable.com/plugins/nessus/157376", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:0436. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157376);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2021-4104\",\n \"CVE-2022-23302\",\n \"CVE-2022-23305\",\n \"CVE-2022-23307\"\n );\n script_xref(name:\"RHSA\", value:\"2022:0436\");\n script_xref(name:\"IAVA\", value:\"2021-A-0573\");\n\n script_name(english:\"RHEL 7 / 8 : Red Hat JBoss Enterprise Application Platform 7.4 (RHSA-2022:0436)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 / 8 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:0436 advisory.\n\n - log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender\n (CVE-2021-4104)\n\n - log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink (CVE-2022-23302)\n\n - log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender (CVE-2022-23305)\n\n - log4j: Unsafe deserialization flaw in Chainsaw log viewer (CVE-2022-23307)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-4104\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-23302\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-23305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-23307\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:0436\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2031667\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2041949\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2041959\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2041967\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected eap7-log4j-jboss-logmanager package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23307\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-23305\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 89, 502);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release_list(operator: 'ge', os_version: os_ver, rhel_versions: ['7','8'])) audit(AUDIT_OS_NOT, 'Red Hat 7.x / 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/layered/rhel8/x86_64/jbeap/7.4/debug',\n 'content/dist/layered/rhel8/x86_64/jbeap/7.4/os',\n 'content/dist/layered/rhel8/x86_64/jbeap/7.4/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'eap7-log4j-jboss-logmanager-1.2.2-1.Final_redhat_00002.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel/server/7/7Server/x86_64/jbeap/7.4/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/jbeap/7.4/os',\n 'content/dist/rhel/server/7/7Server/x86_64/jbeap/7.4/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'eap7-log4j-jboss-logmanager-1.2.2-1.Final_redhat_00002.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'eap7-log4j-jboss-logmanager');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T18:32:42", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0289 advisory.\n\n - log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender (CVE-2021-4104)\n\n - log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink (CVE-2022-23302)\n\n - log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender (CVE-2022-23305)\n\n - log4j: Unsafe deserialization flaw in Chainsaw log viewer (CVE-2022-23307)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-08T00:00:00", "type": "nessus", "title": "RHEL 8 : parfait:0.5 (RHSA-2022:0289)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-4104", "CVE-2022-23302", "CVE-2022-23305", "CVE-2022-23307"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_tus:8.4", "p-cpe:/a:redhat:enterprise_linux:parfait", "p-cpe:/a:redhat:enterprise_linux:parfait-examples", "p-cpe:/a:redhat:enterprise_linux:parfait-javadoc", "p-cpe:/a:redhat:enterprise_linux:pcp-parfait-agent", "p-cpe:/a:redhat:enterprise_linux:si-units", "p-cpe:/a:redhat:enterprise_linux:si-units-javadoc", "p-cpe:/a:redhat:enterprise_linux:unit-api", "p-cpe:/a:redhat:enterprise_linux:unit-api-javadoc", "p-cpe:/a:redhat:enterprise_linux:uom-lib", "p-cpe:/a:redhat:enterprise_linux:uom-lib-javadoc", "p-cpe:/a:redhat:enterprise_linux:uom-parent", "p-cpe:/a:redhat:enterprise_linux:uom-se", "p-cpe:/a:redhat:enterprise_linux:uom-se-javadoc", "p-cpe:/a:redhat:enterprise_linux:uom-systems", "p-cpe:/a:redhat:enterprise_linux:uom-systems-javadoc"], "id": "REDHAT-RHSA-2022-0289.NASL", "href": "https://www.tenable.com/plugins/nessus/164872", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:0289. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164872);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2021-4104\",\n \"CVE-2022-23302\",\n \"CVE-2022-23305\",\n \"CVE-2022-23307\"\n );\n script_xref(name:\"RHSA\", value:\"2022:0289\");\n\n script_name(english:\"RHEL 8 : parfait:0.5 (RHSA-2022:0289)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:0289 advisory.\n\n - log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender\n (CVE-2021-4104)\n\n - log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink (CVE-2022-23302)\n\n - log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender (CVE-2022-23305)\n\n - log4j: Unsafe deserialization flaw in Chainsaw log viewer (CVE-2022-23307)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-4104\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-23302\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-23305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-23307\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:0289\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2031667\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2041949\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2041959\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2041967\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23307\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-23305\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 89, 502);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:parfait\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:parfait-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:parfait-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pcp-parfait-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:si-units\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:si-units-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:unit-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:unit-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:uom-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:uom-lib-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:uom-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:uom-se\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:uom-se-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:uom-systems\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:uom-systems-javadoc\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.4')) audit(AUDIT_OS_NOT, 'Red Hat 8.4', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar appstreams = {\n 'parfait:0.5': [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/aarch64/appstream/debug',\n 'content/e4s/rhel8/8.4/aarch64/appstream/os',\n 'content/e4s/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/aarch64/baseos/debug',\n 'content/e4s/rhel8/8.4/aarch64/baseos/os',\n 'content/e4s/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.4/s390x/appstream/debug',\n 'content/e4s/rhel8/8.4/s390x/appstream/os',\n 'content/e4s/rhel8/8.4/s390x/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/s390x/baseos/debug',\n 'content/e4s/rhel8/8.4/s390x/baseos/os',\n 'content/e4s/rhel8/8.4/s390x/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/nfv/debug',\n 'content/e4s/rhel8/8.4/x86_64/nfv/os',\n 'content/e4s/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/appstream/debug',\n 'content/eus/rhel8/8.4/aarch64/appstream/os',\n 'content/eus/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/baseos/debug',\n 'content/eus/rhel8/8.4/aarch64/baseos/os',\n 'content/eus/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.4/aarch64/highavailability/os',\n 'content/eus/rhel8/8.4/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.4/aarch64/supplementary/os',\n 'content/eus/rhel8/8.4/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.4/ppc64le/appstream/os',\n 'content/eus/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.4/ppc64le/baseos/os',\n 'content/eus/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap/os',\n 'content/eus/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/appstream/debug',\n 'content/eus/rhel8/8.4/s390x/appstream/os',\n 'content/eus/rhel8/8.4/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/baseos/debug',\n 'content/eus/rhel8/8.4/s390x/baseos/os',\n 'content/eus/rhel8/8.4/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/highavailability/debug',\n 'content/eus/rhel8/8.4/s390x/highavailability/os',\n 'content/eus/rhel8/8.4/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/sap/debug',\n 'content/eus/rhel8/8.4/s390x/sap/os',\n 'content/eus/rhel8/8.4/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/supplementary/debug',\n 'content/eus/rhel8/8.4/s390x/supplementary/os',\n 'content/eus/rhel8/8.4/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'parfait-0.5.4-4.module+el8.4.0+13998+1b70e2b7', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'parfait-examples-0.5.4-4.module+el8.4.0+13998+1b70e2b7', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'parfait-javadoc-0.5.4-4.module+el8.4.0+13998+1b70e2b7', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pcp-parfait-agent-0.5.4-4.module+el8.4.0+13998+1b70e2b7', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'si-units-0.6.5-2.module+el8+2463+615f6896', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'si-units-javadoc-0.6.5-2.module+el8+2463+615f6896', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unit-api-1.0-5.module+el8+2463+615f6896', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unit-api-javadoc-1.0-5.module+el8+2463+615f6896', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'uom-lib-1.0.1-6.module+el8+2463+615f6896', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'uom-lib-javadoc-1.0.1-6.module+el8+2463+615f6896', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'uom-parent-1.0.3-3.module+el8+2463+615f6896', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'uom-se-1.0.4-3.module+el8+2463+615f6896', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'uom-se-javadoc-1.0.4-3.module+el8+2463+615f6896', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'uom-systems-0.7-1.module+el8+2463+615f6896', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'uom-systems-javadoc-0.7-1.module+el8+2463+615f6896', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n ]\n};\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:appstreams, appstreams:TRUE);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/parfait');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module parfait:0.5');\nif ('0.5' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module parfait:' + module_ver);\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach var module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach var module_array ( appstreams[module] ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(module_array['repo_relative_urls'])) repo_relative_urls = module_array['repo_relative_urls'];\n foreach var package_array ( module_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module parfait:0.5');\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'parfait / parfait-examples / parfait-javadoc / pcp-parfait-agent / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:14:56", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0524 advisory.\n\n - log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender (CVE-2021-4104)\n\n - log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink (CVE-2022-23302)\n\n - log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender (CVE-2022-23305)\n\n - log4j: Unsafe deserialization flaw in Chainsaw log viewer (CVE-2022-23307)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-14T00:00:00", "type": "nessus", "title": "RHEL 7 : Red Hat JBoss Web Server 3.1 Service Pack 14 Security Update (Low) (RHSA-2022:0524)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-4104", "CVE-2022-23302", "CVE-2022-23305", "CVE-2022-23307"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:log4j-eap6", "p-cpe:/a:redhat:enterprise_linux:tomcat-native", "p-cpe:/a:redhat:enterprise_linux:tomcat7", "p-cpe:/a:redhat:enterprise_linux:tomcat7-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat7-docs-webapp", "p-cpe:/a:redhat:enterprise_linux:tomcat7-el-2.2-api", "p-cpe:/a:redhat:enterprise_linux:tomcat7-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat7-jsp-2.2-api", "p-cpe:/a:redhat:enterprise_linux:tomcat7-jsvc", "p-cpe:/a:redhat:enterprise_linux:tomcat7-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat7-log4j", "p-cpe:/a:redhat:enterprise_linux:tomcat7-selinux", "p-cpe:/a:redhat:enterprise_linux:tomcat7-servlet-3.0-api", "p-cpe:/a:redhat:enterprise_linux:tomcat7-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat8", "p-cpe:/a:redhat:enterprise_linux:tomcat8-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat8-docs-webapp", "p-cpe:/a:redhat:enterprise_linux:tomcat8-el-2.2-api", "p-cpe:/a:redhat:enterprise_linux:tomcat8-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat8-jsp-2.3-api", "p-cpe:/a:redhat:enterprise_linux:tomcat8-jsvc", "p-cpe:/a:redhat:enterprise_linux:tomcat8-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat8-log4j", "p-cpe:/a:redhat:enterprise_linux:tomcat8-selinux", "p-cpe:/a:redhat:enterprise_linux:tomcat8-servlet-3.1-api", "p-cpe:/a:redhat:enterprise_linux:tomcat8-webapps"], "id": "REDHAT-RHSA-2022-0524.NASL", "href": "https://www.tenable.com/plugins/nessus/158057", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:0524. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158057);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2021-4104\",\n \"CVE-2022-23302\",\n \"CVE-2022-23305\",\n \"CVE-2022-23307\"\n );\n script_xref(name:\"RHSA\", value:\"2022:0524\");\n script_xref(name:\"IAVA\", value:\"2021-A-0573\");\n\n script_name(english:\"RHEL 7 : Red Hat JBoss Web Server 3.1 Service Pack 14 Security Update (Low) (RHSA-2022:0524)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:0524 advisory.\n\n - log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender\n (CVE-2021-4104)\n\n - log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink (CVE-2022-23302)\n\n - log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender (CVE-2022-23305)\n\n - log4j: Unsafe deserialization flaw in Chainsaw log viewer (CVE-2022-23307)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-4104\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-23302\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-23305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-23307\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:0524\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2031667\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2041949\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2041959\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2041967\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23307\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-23305\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 89, 502);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:log4j-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-jsp-2.3-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-servlet-3.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-webapps\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel/server/7/7Server/x86_64/jws/3/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/jws/3/os',\n 'content/dist/rhel/server/7/7Server/x86_64/jws/3/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'log4j-eap6-1.2.17-3.redhat_00008.1.ep6.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat-native-1.2.23-26.redhat_26.ep7.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat7-7.0.70-46.ep7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat7-admin-webapps-7.0.70-46.ep7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat7-docs-webapp-7.0.70-46.ep7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat7-el-2.2-api-7.0.70-46.ep7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat7-javadoc-7.0.70-46.ep7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat7-jsp-2.2-api-7.0.70-46.ep7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat7-jsvc-7.0.70-46.ep7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat7-lib-7.0.70-46.ep7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat7-log4j-7.0.70-46.ep7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat7-selinux-7.0.70-46.ep7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat7-servlet-3.0-api-7.0.70-46.ep7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat7-webapps-7.0.70-46.ep7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat8-8.0.36-49.ep7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat8-admin-webapps-8.0.36-49.ep7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat8-docs-webapp-8.0.36-49.ep7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat8-el-2.2-api-8.0.36-49.ep7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat8-javadoc-8.0.36-49.ep7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat8-jsp-2.3-api-8.0.36-49.ep7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat8-jsvc-8.0.36-49.ep7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat8-lib-8.0.36-49.ep7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat8-log4j-8.0.36-49.ep7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat8-selinux-8.0.36-49.ep7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat8-servlet-3.1-api-8.0.36-49.ep7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'},\n {'reference':'tomcat8-webapps-8.0.36-49.ep7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'log4j-eap6 / tomcat-native / tomcat7 / tomcat7-admin-webapps / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-14T14:46:17", "description": "The remote SUSE Linux SLED12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0212-1 advisory.\n\n - JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. (CVE-2022-23302)\n\n - By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default.\n Beginning in version 2.0-beta8, the JDBCAppender was re-introduced with proper support for parameterized SQL queries and further customization over the columns written to in logs. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. (CVE-2022-23305)\n\n - CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists. (CVE-2022-23307)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-01-28T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : log4j (SUSE-SU-2022:0212-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-9493", "CVE-2021-4104", "CVE-2022-23302", "CVE-2022-23305", "CVE-2022-23307"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:log4j", "p-cpe:/a:novell:suse_linux:log4j-manual", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2022-0212-1.NASL", "href": "https://www.tenable.com/plugins/nessus/157221", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:0212-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157221);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\"CVE-2022-23302\", \"CVE-2022-23305\", \"CVE-2022-23307\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:0212-1\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : log4j (SUSE-SU-2022:0212-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple\nvulnerabilities as referenced in the SUSE-SU-2022:0212-1 advisory.\n\n - JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker\n has write access to the Log4j configuration or if the configuration references an LDAP service the\n attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing\n JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to\n CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which\n is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2\n as it addresses numerous other issues from the previous versions. (CVE-2022-23302)\n\n - By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the\n values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be\n included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or\n headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue\n only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default.\n Beginning in version 2.0-beta8, the JDBCAppender was re-introduced with proper support for parameterized\n SQL queries and further customization over the columns written to in logs. Apache Log4j 1.2 reached end of\n life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the\n previous versions. (CVE-2022-23305)\n\n - CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw\n V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists. (CVE-2022-23307)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194842\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194843\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194844\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-23302\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-23305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-23307\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-January/010124.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8d19f84f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected log4j and / or log4j-manual packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23307\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-23305\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:log4j-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12|SLES_SAP12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED12 / SLES12 / SLES_SAP12', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED12 SP5\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3|4|5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3/4/5\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP12\" && (! preg(pattern:\"^(3|4|5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP12 SP3/4/5\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'log4j-1.2.15-126.9.1', 'sp':'3', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'log4j-1.2.15-126.9.1', 'sp':'4', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'log4j-1.2.15-126.9.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'log4j-1.2.15-126.9.1', 'sp':'5', 'release':'SLED12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5']},\n {'reference':'log4j-1.2.15-126.9.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5', 'sles-release-12.5']},\n {'reference':'log4j-manual-1.2.15-126.9.1', 'sp':'5', 'release':'SLED12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5']},\n {'reference':'log4j-manual-1.2.15-126.9.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5']},\n {'reference':'log4j-1.2.15-126.9.1', 'sp':'2', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'log4j-1.2.15-126.9.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'log4j-1.2.15-126.9.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'log4j-1.2.15-126.9.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'log4j / log4j-manual');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:42:02", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0447 advisory.\n\n - undertow: client side invocation timeout raised when calling over HTTP2 (CVE-2021-3859)\n\n - log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender (CVE-2021-4104)\n\n - log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink (CVE-2022-23302)\n\n - log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender (CVE-2022-23305)\n\n - log4j: Unsafe deserialization flaw in Chainsaw log viewer (CVE-2022-23307)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-08T00:00:00", "type": "nessus", "title": "RHEL 7 : Red Hat Single Sign-On 7.5.1 security update on RHEL 7 (Important) (RHSA-2022:0447)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3859", "CVE-2021-4104", "CVE-2022-23302", "CVE-2022-23305", "CVE-2022-23307"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:rh-sso7-keycloak", "p-cpe:/a:redhat:enterprise_linux:rh-sso7-keycloak-server"], "id": "REDHAT-RHSA-2022-0447.NASL", "href": "https://www.tenable.com/plugins/nessus/157418", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:0447. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157418);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2021-3859\",\n \"CVE-2021-4104\",\n \"CVE-2022-23302\",\n \"CVE-2022-23305\",\n \"CVE-2022-23307\"\n );\n script_xref(name:\"RHSA\", value:\"2022:0447\");\n script_xref(name:\"IAVA\", value:\"2021-A-0573\");\n\n script_name(english:\"RHEL 7 : Red Hat Single Sign-On 7.5.1 security update on RHEL 7 (Important) (RHSA-2022:0447)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:0447 advisory.\n\n - undertow: client side invocation timeout raised when calling over HTTP2 (CVE-2021-3859)\n\n - log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender\n (CVE-2021-4104)\n\n - log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink (CVE-2022-23302)\n\n - log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender (CVE-2022-23305)\n\n - log4j: Unsafe deserialization flaw in Chainsaw log viewer (CVE-2022-23307)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3859\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-4104\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-23302\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-23305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-23307\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:0447\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2010378\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2031667\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2041949\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2041959\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2041967\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected rh-sso7-keycloak and / or rh-sso7-keycloak-server packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23307\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-23305\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 89, 214, 502);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-sso7-keycloak\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-sso7-keycloak-server\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel/server/7/7Server/x86_64/rh-sso/7.1/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rh-sso/7.1/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rh-sso/7.1/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rh-sso/7.2/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rh-sso/7.2/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rh-sso/7.2/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rh-sso/7.3/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rh-sso/7.3/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rh-sso/7.3/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rh-sso/7.4/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rh-sso/7.4/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rh-sso/7.4/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rh-sso/7.5/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rh-sso/7.5/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rh-sso/7.5/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rh-sso/7.6/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rh-sso/7.6/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rh-sso/7.6/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'rh-sso7-keycloak-15.0.4-1.redhat_00003.1.el7sso', 'release':'7', 'el_string':'el7sso', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-sso'},\n {'reference':'rh-sso7-keycloak-server-15.0.4-1.redhat_00003.1.el7sso', 'release':'7', 'el_string':'el7sso', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-sso'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'rh-sso7-keycloak / rh-sso7-keycloak-server');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:41:36", "description": "The version of log4j installed on the remote host is prior to 1.2.17-18. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1750 advisory.\n\n - JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. (CVE-2022-23302)\n\n - By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default.\n Beginning in version 2.0-beta8, the JDBCAppender was re-introduced with proper support for parameterized SQL queries and further customization over the columns written to in logs. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. (CVE-2022-23305)\n\n - CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists. (CVE-2022-23307)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-21T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : log4j (ALAS-2022-1750)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-9493", "CVE-2021-4104", "CVE-2022-23302", "CVE-2022-23305", "CVE-2022-23307"], "modified": "2022-05-06T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:log4j", "p-cpe:/a:amazon:linux:log4j-javadoc", "p-cpe:/a:amazon:linux:log4j-manual", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2022-1750.NASL", "href": "https://www.tenable.com/plugins/nessus/158210", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2022-1750.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158210);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/06\");\n\n script_cve_id(\"CVE-2022-23302\", \"CVE-2022-23305\", \"CVE-2022-23307\");\n script_xref(name:\"ALAS\", value:\"2022-1750\");\n\n script_name(english:\"Amazon Linux 2 : log4j (ALAS-2022-1750)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of log4j installed on the remote host is prior to 1.2.17-18. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS2-2022-1750 advisory.\n\n - JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker\n has write access to the Log4j configuration or if the configuration references an LDAP service the\n attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing\n JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to\n CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which\n is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2\n as it addresses numerous other issues from the previous versions. (CVE-2022-23302)\n\n - By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the\n values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be\n included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or\n headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue\n only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default.\n Beginning in version 2.0-beta8, the JDBCAppender was re-introduced with proper support for parameterized\n SQL queries and further customization over the columns written to in logs. Apache Log4j 1.2 reached end of\n life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the\n previous versions. (CVE-2022-23305)\n\n - CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw\n V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists. (CVE-2022-23307)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALAS-2022-1750.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-23302.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-23305.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-23307.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update log4j' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23307\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-23305\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:log4j-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:log4j-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nvar os_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'log4j-1.2.17-18.amzn2', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'log4j-javadoc-1.2.17-18.amzn2', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'log4j-manual-1.2.17-18.amzn2', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"log4j / log4j-javadoc / log4j-manual\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:43:25", "description": "According to the versions of the log4j package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. (CVE-2022-23302)\n\n - By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default.\n Beginning in version 2.0-beta8, the JDBCAppender was re-introduced with proper support for parameterized SQL queries and further customization over the columns written to in logs. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. (CVE-2022-23305)\n\n - CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists. (CVE-2022-23307)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-03-21T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : log4j (EulerOS-SA-2022-1330)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-9493", "CVE-2021-4104", "CVE-2022-23302", "CVE-2022-23305", "CVE-2022-23307"], "modified": "2022-05-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:log4j", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1330.NASL", "href": "https://www.tenable.com/plugins/nessus/159087", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159087);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/06\");\n\n script_cve_id(\"CVE-2022-23302\", \"CVE-2022-23305\", \"CVE-2022-23307\");\n\n script_name(english:\"EulerOS 2.0 SP5 : log4j (EulerOS-SA-2022-1330)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the log4j package installed, the EulerOS installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker\n has write access to the Log4j configuration or if the configuration references an LDAP service the\n attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing\n JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to\n CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which\n is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2\n as it addresses numerous other issues from the previous versions. (CVE-2022-23302)\n\n - By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the\n values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be\n included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or\n headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue\n only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default.\n Beginning in version 2.0-beta8, the JDBCAppender was re-introduced with proper support for parameterized\n SQL queries and further customization over the columns written to in logs. Apache Log4j 1.2 reached end of\n life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the\n previous versions. (CVE-2022-23305)\n\n - CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw\n V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists. (CVE-2022-23307)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1330\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a89eb7e0\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected log4j packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23307\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-23305\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"log4j-1.2.17-16.h4.eulerosv2r7\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"log4j\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-14T14:46:40", "description": "The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0214-1 advisory.\n\n - JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. (CVE-2022-23302)\n\n - By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default.\n Beginning in version 2.0-beta8, the JDBCAppender was re-introduced with proper support for parameterized SQL queries and further customization over the columns written to in logs. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. (CVE-2022-23305)\n\n - CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists. (CVE-2022-23307)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-01-28T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : log4j (SUSE-SU-2022:0214-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-9493", "CVE-2021-4104", "CVE-2022-23302", "CVE-2022-23305", "CVE-2022-23307"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:log4j", "p-cpe:/a:novell:suse_linux:log4j-manual", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-0214-1.NASL", "href": "https://www.tenable.com/plugins/nessus/157214", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:0214-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157214);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\"CVE-2022-23302\", \"CVE-2022-23305\", \"CVE-2022-23307\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:0214-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : log4j (SUSE-SU-2022:0214-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:0214-1 advisory.\n\n - JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker\n has write access to the Log4j configuration or if the configuration references an LDAP service the\n attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing\n JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to\n CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which\n is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2\n as it addresses numerous other issues from the previous versions. (CVE-2022-23302)\n\n - By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the\n values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be\n included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or\n headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue\n only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default.\n Beginning in version 2.0-beta8, the JDBCAppender was re-introduced with proper support for parameterized\n SQL queries and further customization over the columns written to in logs. Apache Log4j 1.2 reached end of\n life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the\n previous versions. (CVE-2022-23305)\n\n - CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw\n V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists. (CVE-2022-23307)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194842\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194843\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194844\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-23302\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-23305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-23307\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-January/010127.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fdac1f29\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected log4j and / or log4j-manual packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23307\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-23305\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:log4j-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15|SLES_SAP15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15 / SLES_SAP15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP15\" && (! preg(pattern:\"^(0|1)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP15 SP0/1\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'log4j-1.2.17-5.9.1', 'sp':'0', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'log4j-manual-1.2.17-5.9.1', 'sp':'0', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'log4j-1.2.17-5.9.1', 'sp':'1', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'log4j-manual-1.2.17-5.9.1', 'sp':'1', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'log4j-1.2.17-5.9.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'log4j-manual-1.2.17-5.9.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'log4j-1.2.17-5.9.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'log4j-1.2.17-5.9.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15', 'sles-ltss-release-15']},\n {'reference':'log4j-manual-1.2.17-5.9.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'log4j-manual-1.2.17-5.9.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15', 'sles-ltss-release-15']},\n {'reference':'log4j-1.2.17-5.9.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']},\n {'reference':'log4j-manual-1.2.17-5.9.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'log4j / log4j-manual');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:41:34", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-0442 advisory.\n\n - JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. (CVE-2022-23302)\n\n - By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default.\n Beginning in version 2.0-beta8, the JDBCAppender was re-introduced with proper support for parameterized SQL queries and further customization over the columns written to in logs. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. (CVE-2022-23305)\n\n - CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists. (CVE-2022-23307)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-16T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : log4j (ELSA-2022-0442)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-9493", "CVE-2021-4104", "CVE-2022-23302", "CVE-2022-23305", "CVE-2022-23307"], "modified": "2022-05-06T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:log4j", "p-cpe:/a:oracle:linux:log4j-javadoc", "p-cpe:/a:oracle:linux:log4j-manual"], "id": "ORACLELINUX_ELSA-2022-0442.NASL", "href": "https://www.tenable.com/plugins/nessus/158101", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-0442.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158101);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/06\");\n\n script_cve_id(\"CVE-2022-23302\", \"CVE-2022-23305\", \"CVE-2022-23307\");\n\n script_name(english:\"Oracle Linux 7 : log4j (ELSA-2022-0442)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2022-0442 advisory.\n\n - JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker\n has write access to the Log4j configuration or if the configuration references an LDAP service the\n attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing\n JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to\n CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which\n is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2\n as it addresses numerous other issues from the previous versions. (CVE-2022-23302)\n\n - By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the\n values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be\n included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or\n headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue\n only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default.\n Beginning in version 2.0-beta8, the JDBCAppender was re-introduced with proper support for parameterized\n SQL queries and further customization over the columns written to in logs. Apache Log4j 1.2 reached end of\n life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the\n previous versions. (CVE-2022-23305)\n\n - CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw\n V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists. (CVE-2022-23307)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-0442.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected log4j, log4j-javadoc and / or log4j-manual packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23307\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-23305\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:log4j-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:log4j-manual\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar pkgs = [\n {'reference':'log4j-1.2.17-18.el7_4', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'log4j-javadoc-1.2.17-18.el7_4', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'log4j-manual-1.2.17-18.el7_4', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'log4j / log4j-javadoc / log4j-manual');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-14T14:47:49", "description": "The remote SUSE Linux SLED15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0226-1 advisory.\n\n - JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. (CVE-2022-23302)\n\n - By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default.\n Beginning in version 2.0-beta8, the JDBCAppender was re-introduced with proper support for parameterized SQL queries and further customization over the columns written to in logs. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. (CVE-2022-23305)\n\n - CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists. (CVE-2022-23307)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-01-29T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : log4j12 (SUSE-SU-2022:0226-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-9493", "CVE-2021-4104", "CVE-2022-23302", "CVE-2022-23305", "CVE-2022-23307"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:log4j12", "p-cpe:/a:novell:suse_linux:log4j12-javadoc", "p-cpe:/a:novell:suse_linux:log4j12-manual", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-0226-1.NASL", "href": "https://www.tenable.com/plugins/nessus/157233", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:0226-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157233);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\"CVE-2022-23302\", \"CVE-2022-23305\", \"CVE-2022-23307\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:0226-1\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : log4j12 (SUSE-SU-2022:0226-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple\nvulnerabilities as referenced in the SUSE-SU-2022:0226-1 advisory.\n\n - JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker\n has write access to the Log4j configuration or if the configuration references an LDAP service the\n attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing\n JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to\n CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which\n is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2\n as it addresses numerous other issues from the previous versions. (CVE-2022-23302)\n\n - By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the\n values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be\n included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or\n headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue\n only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default.\n Beginning in version 2.0-beta8, the JDBCAppender was re-introduced with proper support for parameterized\n SQL queries and further customization over the columns written to in logs. Apache Log4j 1.2 reached end of\n life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the\n previous versions. (CVE-2022-23305)\n\n - CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw\n V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists. (CVE-2022-23307)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193184\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194842\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194843\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194844\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-23302\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-23305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-23307\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-January/010135.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?81f99df9\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected log4j12, log4j12-javadoc and / or log4j12-manual packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23307\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-23305\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:log4j12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:log4j12-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:log4j12-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15|SLES_SAP15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15 / SLES_SAP15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(3|4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED15 SP3/4\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2|3|4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP2/3/4\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP15\" && (! preg(pattern:\"^(2)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP15 SP2\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'log4j12-1.2.17-4.9.1', 'sp':'2', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'log4j12-javadoc-1.2.17-4.9.1', 'sp':'2', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'log4j12-manual-1.2.17-4.9.1', 'sp':'2', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'log4j12-1.2.17-4.9.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2', 'SLE_RT-release-15.2', 'sles-release-15.2']},\n {'reference':'log4j12-javadoc-1.2.17-4.9.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2', 'SLE_RT-release-15.2', 'sles-release-15.2']},\n {'reference':'log4j12-manual-1.2.17-4.9.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2', 'SLE_RT-release-15.2', 'sles-release-15.2']},\n {'reference':'log4j12-1.2.17-4.9.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},\n {'reference':'log4j12-javadoc-1.2.17-4.9.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},\n {'reference':'log4j12-manual-1.2.17-4.9.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},\n {'reference':'log4j12-1.2.17-4.9.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'log4j12-1.2.17-4.9.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'log4j12-1.2.17-4.9.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.4']},\n {'reference':'log4j12-1.2.17-4.9.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.4']},\n {'reference':'log4j12-javadoc-1.2.17-4.9.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.3']},\n {'reference':'log4j12-javadoc-1.2.17-4.9.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.3']},\n {'reference':'log4j12-manual-1.2.17-4.9.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.3']},\n {'reference':'log4j12-manual-1.2.17-4.9.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.3']},\n {'reference':'log4j12-javadoc-1.2.17-4.9.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.4']},\n {'reference':'log4j12-javadoc-1.2.17-4.9.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.4']},\n {'reference':'log4j12-manual-1.2.17-4.9.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.4']},\n {'reference':'log4j12-manual-1.2.17-4.9.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.4']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'log4j12 / log4j12-javadoc / log4j12-manual');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-08T16:41:11", "description": "The version of Atlassian Jira installed on the remote host is prior to 8.13.x < 8.13.21 / 8.20.x < 8.20.9 / 8.22.x < 8.22.3 / 9.0.0. It is, therefore, affected by a vulnerability as referenced in the JRASERVER-73885 advisory.\n\n - The version of {{log4j}} used by Jira has been updated from version *1.2.7-atlassian-3* to\n *1.2.7-atlassian-16* to address the following vulnerabilities:\n [CVE-2021-4104|https://vulners.com/cve/CVE-2021-4104] JMSAppender is vulnerable to a deserialization flaw. A local attacker with privileges to update the Jira configuration can exploit this to execute arbitrary code. Jira is not configured to use JMSAppender, nor does Atlassian provide any documentation on using JMSAppender with Jira. Atlassian has [remediated this vulnerability by preventing external JNDI lookups|https://bitbucket.org/atlassian/log4j1/pull-requests/9] in the Atlassian version of {{{}log4j{}}}. [CVE-2020-9493|https://vulners.com/cve/CVE-2020-9493] and [CVE-2022-23307|https://vulners.com/cve/CVE-2022-23307] Apache Chainsaw is bundled with {{log4j}} 1.2.x, and is vulnerable to a deserialization flaw. A remote, unauthenticated attacker could exploit this to execute arbitrary code. Please note that Chainsaw is a log viewer that is designed to be executed manually. It is not required by Jira, nor is it executed by default, nor does Atlassian provide any documentation on using Chainsaw with Jira. Atlassian has [remediated this vulnerability by removing Chainsaw|https://bitbucket.org/atlassian/log4j1/commits/3a06f7e94efa98331a875532212a3005fd9766d0] from the Atlassian version of {{{}log4j{}}}. [CVE-2022-23302|https://vulners.com/cve/CVE-2022-23302] JMSSink is vulnerable to a deserialization flaw. A local attacker with privileges to update the Jira configuration can exploit this to execute arbitrary code. Jira is not configured to use JMSSink by default, nor does Atlassian provide any documentation on using JMSSink with Jira. Atlassian has [remediated this vulnerability by removing JMSSink|https://bitbucket.org/atlassian/log4j1/commits/48b34334e5278dfd52b361b1ec6943ca4c3b997e] from the Atlassian version of {{{}log4j{}}}. [CVE-2022-23305|https://vulners.com/cve/CVE-2022-23305] JDBCAppender is vulnerable to a SQL injection flaw when configured to use the message converter ({{{}%m{}}}). A remote, unauthenticated attacker can exploit this to execute arbitrary SQL queries. Jira is not configured to use JDBCAppender by default, nor does Atlassian provide any documentation on using JDBCAppender with Jira. Atlassian has [remediated this vulnerability by removing JDBCAppender|https://bitbucket.org/atlassian/log4j1/commits/b933fe460d64ccfc027b4efee74a5ce1875fe3be] from the Atlassian version of {{{}log4j{}}}. Affected versions of Jira: * Versions < 8.13.21 * All versions 8.14.x through 8.19.x * Versions 8.21.x * Versions 8.22.x < 8.22.3 Fixed versions of Jira: * Versions 8.13.x >= 8.13.21 * Versions 8.20.x >= 8.20.9 * Versions 8.22.x >= 8.22.3 * Versions >= 9.0.0 (atlassian- JRASERVER-73885)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-06-18T00:00:00", "type": "nessus", "title": "Atlassian Jira 8.13.x < 8.13.21 / 8.20.x < 8.20.9 / 8.22.x < 8.22.3 / 9.0.0 SQLI (JRASERVER-73885)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-9493", "CVE-2021-4104", "CVE-2022-23302", "CVE-2022-23305", "CVE-2022-23307"], "modified": "2022-06-19T00:00:00", "cpe": ["cpe:/a:atlassian:jira"], "id": "JIRA_9_0_0_JRASERVER-73885.NASL", "href": "https://www.tenable.com/plugins/nessus/162398", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162398);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/19\");\n\n script_cve_id(\"CVE-2020-9493\");\n\n script_name(english:\"Atlassian Jira 8.13.x < 8.13.21 / 8.20.x < 8.20.9 / 8.22.x < 8.22.3 / 9.0.0 SQLI (JRASERVER-73885)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Atlassian Jira host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Atlassian Jira installed on the remote host is prior to 8.13.x < 8.13.21 / 8.20.x < 8.20.9 / 8.22.x <\n8.22.3 / 9.0.0. It is, therefore, affected by a vulnerability as referenced in the JRASERVER-73885 advisory.\n\n - The version of {{log4j}} used by Jira has been updated from version *1.2.7-atlassian-3* to\n *1.2.7-atlassian-16* to address the following vulnerabilities:\n [CVE-2021-4104|https://www.cve.org/CVERecord?id=CVE-2021-4104] JMSAppender is vulnerable to a\n deserialization flaw. A local attacker with privileges to update the Jira configuration can exploit this\n to execute arbitrary code. Jira is not configured to use JMSAppender, nor does Atlassian provide any\n documentation on using JMSAppender with Jira. Atlassian has [remediated this vulnerability by preventing\n external JNDI lookups|https://bitbucket.org/atlassian/log4j1/pull-requests/9] in the Atlassian version of\n {{{}log4j{}}}. [CVE-2020-9493|https://www.cve.org/CVERecord?id=CVE-2020-9493] and\n [CVE-2022-23307|https://www.cve.org/CVERecord?id=CVE-2022-23307] Apache Chainsaw is bundled with {{log4j}}\n 1.2.x, and is vulnerable to a deserialization flaw. A remote, unauthenticated attacker could exploit this\n to execute arbitrary code. Please note that Chainsaw is a log viewer that is designed to be executed\n manually. It is not required by Jira, nor is it executed by default, nor does Atlassian provide any\n documentation on using Chainsaw with Jira. Atlassian has [remediated this vulnerability by removing\n Chainsaw|https://bitbucket.org/atlassian/log4j1/commits/3a06f7e94efa98331a875532212a3005fd9766d0] from the\n Atlassian version of {{{}log4j{}}}. [CVE-2022-23302|https://www.cve.org/CVERecord?id=CVE-2022-23302]\n JMSSink is vulnerable to a deserialization flaw. A local attacker with privileges to update the Jira\n configuration can exploit this to execute arbitrary code. Jira is not configured to use JMSSink by\n default, nor does Atlassian provide any documentation on using JMSSink with Jira. Atlassian has\n [remediated this vulnerability by removing\n JMSSink|https://bitbucket.org/atlassian/log4j1/commits/48b34334e5278dfd52b361b1ec6943ca4c3b997e] from the\n Atlassian version of {{{}log4j{}}}. [CVE-2022-23305|https://www.cve.org/CVERecord?id=CVE-2022-23305]\n JDBCAppender is vulnerable to a SQL injection flaw when configured to use the message converter\n ({{{}%m{}}}). A remote, unauthenticated attacker can exploit this to execute arbitrary SQL queries. Jira\n is not configured to use JDBCAppender by default, nor does Atlassian provide any documentation on using\n JDBCAppender with Jira. Atlassian has [remediated this vulnerability by removing\n JDBCAppender|https://bitbucket.org/atlassian/log4j1/commits/b933fe460d64ccfc027b4efee74a5ce1875fe3be] from\n the Atlassian version of {{{}log4j{}}}. Affected versions of Jira: * Versions < 8.13.21 * All versions\n 8.14.x through 8.19.x * Versions 8.21.x * Versions 8.22.x < 8.22.3 Fixed versions of Jira: * Versions\n 8.13.x >= 8.13.21 * Versions 8.20.x >= 8.20.9 * Versions 8.22.x >= 8.22.3 * Versions >= 9.0.0 (atlassian-\n JRASERVER-73885)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://jira.atlassian.com/browse/JRASERVER-73885\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Atlassian Jira version 8.13.21, 8.20.9, 8.22.3, 9.0.0 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-9493\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:atlassian:jira\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"jira_detect.nasl\", \"atlassian_jira_win_installed.nbin\", \"atlassian_jira_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Atlassian JIRA\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\nvar app_info = vcf::combined_get_app_info(app:'Atlassian JIRA');\n\nvar constraints = [\n { 'min_version' : '8.13.20', 'fixed_version' : '8.13.21' },\n { 'min_version' : '8.20.8', 'fixed_version' : '8.20.9' },\n { 'min_version' : '8.22.2', 'fixed_version' : '8.22.3', 'fixed_display' : '8.22.3 / 9.0.0' }\n];\n\nvcf::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_WARNING,\n flags:{'sqli':TRUE}\n);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:48:56", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0448 advisory.\n\n - undertow: client side invocation timeout raised when calling over HTTP2 (CVE-2021-3859)\n\n - log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender (CVE-2021-4104)\n\n - log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink (CVE-2022-23302)\n\n - log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender (CVE-2022-23305)\n\n - log4j: Unsafe deserialization flaw in Chainsaw log viewer (CVE-2022-23307)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-08T00:00:00", "type": "nessus", "title": "RHEL 8 : Red Hat Single Sign-On 7.5.1 security update on RHEL 8 (Important) (RHSA-2022:0448)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3859", "CVE-2021-4104", "CVE-2022-23302", "CVE-2022-23305", "CVE-2022-23307"], "modified": "2023-02-02T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:rh-sso7-keycloak", "p-cpe:/a:redhat:enterprise_linux:rh-sso7-keycloak-server"], "id": "REDHAT-RHSA-2022-0448.NASL", "href": "https://www.tenable.com/plugins/nessus/157455", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:0448. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157455);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/02\");\n\n script_cve_id(\n \"CVE-2021-3859\",\n \"CVE-2021-4104\",\n \"CVE-2022-23302\",\n \"CVE-2022-23305\",\n \"CVE-2022-23307\"\n );\n script_xref(name:\"RHSA\", value:\"2022:0448\");\n script_xref(name:\"IAVA\", value:\"2021-A-0573\");\n\n script_name(english:\"RHEL 8 : Red Hat Single Sign-On 7.5.1 security update on RHEL 8 (Important) (RHSA-2022:0448)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:0448 advisory.\n\n - undertow: client side invocation timeout raised when calling over HTTP2 (CVE-2021-3859)\n\n - log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender\n (CVE-2021-4104)\n\n - log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink (CVE-2022-23302)\n\n - log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender (CVE-2022-23305)\n\n - log4j: Unsafe deserialization flaw in Chainsaw log viewer (CVE-2022-23307)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3859\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-4104\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-23302\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-23305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-23307\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:0448\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2010378\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2031667\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2041949\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2041959\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2041967\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected rh-sso7-keycloak and / or rh-sso7-keycloak-server packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23307\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-23305\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 89, 214, 502);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-sso7-keycloak\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-sso7-keycloak-server\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/layered/rhel8/x86_64/rh-sso/7.3/debug',\n 'content/dist/layered/rhel8/x86_64/rh-sso/7.3/os',\n 'content/dist/layered/rhel8/x86_64/rh-sso/7.3/source/SRPMS',\n 'content/dist/layered/rhel8/x86_64/rh-sso/7.4/debug',\n 'content/dist/layered/rhel8/x86_64/rh-sso/7.4/os',\n 'content/dist/layered/rhel8/x86_64/rh-sso/7.4/source/SRPMS',\n 'content/dist/layered/rhel8/x86_64/rh-sso/7.5/debug',\n 'content/dist/layered/rhel8/x86_64/rh-sso/7.5/os',\n 'content/dist/layered/rhel8/x86_64/rh-sso/7.5/source/SRPMS',\n 'content/dist/layered/rhel8/x86_64/rh-sso/7.6/debug',\n 'content/dist/layered/rhel8/x86_64/rh-sso/7.6/os',\n 'content/dist/layered/rhel8/x86_64/rh-sso/7.6/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'rh-sso7-keycloak-15.0.4-1.redhat_00003.1.el8sso', 'release':'8', 'el_string':'el8sso', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-sso'},\n {'reference':'rh-sso7-keycloak-server-15.0.4-1.redhat_00003.1.el8sso', 'release':'8', 'el_string':'el8sso', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-sso'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'rh-sso7-keycloak / rh-sso7-keycloak-server');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-14T14:46:23", "description": "The remote SUSE Linux SLES11 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:14881-1 advisory.\n\n - JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. (CVE-2022-23302)\n\n - By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default.\n Beginning in version 2.0-beta8, the JDBCAppender was re-introduced with proper support for parameterized SQL queries and further customization over the columns written to in logs. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. (CVE-2022-23305)\n\n - CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists. (CVE-2022-23307)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-01-27T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : log4j (SUSE-SU-2022:14881-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-9493", "CVE-2021-4104", "CVE-2022-23302", "CVE-2022-23305", "CVE-2022-23307"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:log4j", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2022-14881-1.NASL", "href": "https://www.tenable.com/plugins/nessus/157154", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:14881-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157154);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\"CVE-2022-23302\", \"CVE-2022-23305\", \"CVE-2022-23307\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:14881-1\");\n\n script_name(english:\"SUSE SLES11 Security Update : log4j (SUSE-SU-2022:14881-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES11 host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:14881-1 advisory.\n\n - JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker\n has write access to the Log4j configuration or if the configuration references an LDAP service the\n attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing\n JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to\n CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which\n is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2\n as it addresses numerous other issues from the previous versions. (CVE-2022-23302)\n\n - By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the\n values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be\n included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or\n headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue\n only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default.\n Beginning in version 2.0-beta8, the JDBCAppender was re-introduced with proper support for parameterized\n SQL queries and further customization over the columns written to in logs. Apache Log4j 1.2 reached end of\n life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the\n previous versions. (CVE-2022-23305)\n\n - CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw\n V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists. (CVE-2022-23307)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194842\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194843\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194844\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-23302\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-23305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-23307\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-January/010085.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1b1b24b5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected log4j package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23307\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-23305\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES11', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'log4j-1.2.15-26.32.20.1', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-11.4']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'log4j');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:40:07", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0226-1 advisory.\n\n - JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion
CVE-2022-23302
