RHSA-2022:0203CriticalCVSS 9.8
Red Hat Security Advisory: Red Hat Fuse 7.8-7.10 security update
🔗 CVE IDs covered (4)
📋 Description
CVE-2021-44228 — log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value CVE-2021-44832 — log4j-core: remote code execution via JDBC Appender CVE-2021-45046 — log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228) CVE-2021-45105 — log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern
🔗 References (11)
- selfhttps://access.redhat.com/errata/RHSA-2022:0203
- externalhttps://access.redhat.com/security/updates/classification/#critical
- externalhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=jboss.fuse&version=7.08.0
- externalhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=jboss.fuse&version=7.09.0
- externalhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=jboss.fuse&version=7.10.0
- externalhttps://access.redhat.com/security/vulnerabilities/RHSB-2021-009
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2030932
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2032580
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2034067
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2035951
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0203.json