Lucene search

K
redhatRedHatRHSA-2022:0439
HistoryFeb 03, 2022 - 6:49 p.m.

(RHSA-2022:0439) Important: rh-maven36-log4j12 security update

2022-02-0318:49:50
access.redhat.com
52

0.008 Low

EPSS

Percentile

82.3%

Log4j is a tool to help the programmer output log statements to a variety of output targets.

Security Fix(es):

  • log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender (CVE-2022-23305)

  • log4j: Unsafe deserialization flaw in Chainsaw log viewer (CVE-2022-23307)

  • log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink (CVE-2022-23302)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.