{ "threat_severity" : "Moderate", "public_date" : "2021-12-10T00:00:00Z", "bugzilla" : { "description" : "log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender", "id" : "2031667", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2031667" }, "cvss3" : { "cvss3_base_score" : "7.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status" : "verified" }, "cwe" : "CWE-20", "details" : [ "JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.", "A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSAppender in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if the deployed application is configured to use JMSAppender and to the attacker's JNDI LDAP endpoint." ], "statement" : "Based on the conditions to be exploitable (see details below), the risk is much lower than Log4j 2.x and Red Hat has assessed this to be Moderate severity. This flaw has been filed for Log4j 1.x, and the corresponding flaw information for Log4j 2.x is available at: https://access.redhat.com/security/cve/CVE-2021-44228\nNote this flaw ONLY affects applications which are specifically configured to use JMSAppender, which is not the default, or when the attacker has write access to the Log4j configuration for adding JMSAppender to the attacker's JNDI LDAP endpoint. \nIf the Log4j configuration is set TopicBindingName or TopicConnectionFactoryBindingName configurations allowing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228 Log4j 2.x, Log4j 1.x is vulnerable. However, the attack vector is reduced as it depends on having write access, which is not a standard configuration rather than untrusted user input. These are sufficient factors beyond the attacker's control.\nThe tomcat package shipped with Red Hat Enterprise Linux does not include log4j but it does include a default configuration for log4j, log4j.properties, which could be used with tomcat if users choose to install and configure the library. The JMSAppender is not enabled by default, and the permissions of the file can only be modified as root.\nRed Hat Virtualization ships log4j12-1.2.17, but it is used and configured in a way which makes this flaw not possible to exploit. Therefore impact is rated Low.", "affected_release" : [ { "product_name" : "EAP 6.4.24 release", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5458", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6" }, { "product_name" : "EAP 6.4 log4j async", "release_date" : "2022-02-03T00:00:00Z", "advisory" : "RHSA-2022:0437", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6.4", "package" : "log4j", "impact" : "low" }, { "product_name" : "Red Hat Data Grid 7.3.9", "release_date" : "2022-02-03T00:00:00Z", "advisory" : "RHSA-2022:0430", "cpe" : "cpe:/a:redhat:jboss_data_grid:7.3", "package" : "log4j", "impact" : "low" }, { "product_name" : "Red Hat Enterprise Linux 6 Extended Lifecycle Support", "release_date" : "2021-12-20T00:00:00Z", "advisory" : "RHSA-2021:5206", "cpe" : "cpe:/o:redhat:rhel_els:6", "package" : "log4j-0:1.2.14-6.5.el6_10" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2021-12-20T00:00:00Z", "advisory" : "RHSA-2021:5206", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "log4j-0:1.2.17-17.el7_4" }, { "product_name" : "Red Hat Enterprise Linux 7.3 Advanced Update Support", "release_date" : "2021-12-20T00:00:00Z", "advisory" : "RHSA-2021:5206", "cpe" : "cpe:/o:redhat:rhel_aus:7.3", "package" : "log4j-0:1.2.17-16.el7_3" }, { "product_name" : "Red Hat Enterprise Linux 7.4 Advanced Update Support", "release_date" : "2021-12-20T00:00:00Z", "advisory" : "RHSA-2021:5206", "cpe" : "cpe:/o:redhat:rhel_aus:7.4", "package" : "log4j-0:1.2.17-17.el7_4" }, { "product_name" : "Red Hat Enterprise Linux 7.6 Advanced Update Support(Disable again in 2026 - SPRHEL-7118)", "release_date" : "2021-12-20T00:00:00Z", "advisory" : "RHSA-2021:5206", "cpe" : "cpe:/o:redhat:rhel_aus:7.6", "package" : "log4j-0:1.2.17-17.el7_4" }, { "product_name" : "Red Hat Enterprise Linux 7.6 Telco Extended Update Support", "release_date" : "2021-12-20T00:00:00Z", "advisory" : "RHSA-2021:5206", "cpe" : "cpe:/o:redhat:rhel_tus:7.6", "package" : "log4j-0:1.2.17-17.el7_4" }, { "product_name" : "Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions", "release_date" : "2021-12-20T00:00:00Z", "advisory" : "RHSA-2021:5206", "cpe" : "cpe:/o:redhat:rhel_e4s:7.6", "package" : "log4j-0:1.2.17-17.el7_4" }, { "product_name" : "Red Hat Enterprise Linux 7.7 Advanced Update Support", "release_date" : "2021-12-20T00:00:00Z", "advisory" : "RHSA-2021:5206", "cpe" : "cpe:/o:redhat:rhel_aus:7.7", "package" : "log4j-0:1.2.17-17.el7_4" }, { "product_name" : "Red Hat Enterprise Linux 7.7 Telco Extended Update Support", "release_date" : "2021-12-20T00:00:00Z", "advisory" : "RHSA-2021:5206", "cpe" : "cpe:/o:redhat:rhel_tus:7.7", "package" : "log4j-0:1.2.17-17.el7_4" }, { "product_name" : "Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions", "release_date" : "2021-12-20T00:00:00Z", "advisory" : "RHSA-2021:5206", "cpe" : "cpe:/o:redhat:rhel_e4s:7.7", "package" : "log4j-0:1.2.17-17.el7_4" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2022-01-26T00:00:00Z", "advisory" : "RHSA-2022:0290", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "parfait:0.5-8050020220124063900.6b489b78" }, { "product_name" : "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "release_date" : "2022-01-26T00:00:00Z", "advisory" : "RHSA-2022:0294", "cpe" : "cpe:/a:redhat:rhel_e4s:8.1", "package" : "parfait:0.5-8010020220124232535.d5701770" }, { "product_name" : "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date" : "2022-01-26T00:00:00Z", "advisory" : "RHSA-2022:0291", "cpe" : "cpe:/a:redhat:rhel_eus:8.2", "package" : "parfait:0.5-8020020220124231008.1c5d4e8a" }, { "product_name" : "Red Hat Enterprise Linux 8.4 Extended Update Support", "release_date" : "2022-01-26T00:00:00Z", "advisory" : "RHSA-2022:0289", "cpe" : "cpe:/a:redhat:rhel_eus:8.4", "package" : "parfait:0.5-8040020220124230039.d304d9ed" }, { "product_name" : "Red Hat Fuse 7.10.1", "release_date" : "2022-02-23T00:00:00Z", "advisory" : "RHSA-2022:0661", "cpe" : "cpe:/a:redhat:jboss_fuse:7", "package" : "log4j" }, { "product_name" : "Red Hat Fuse/AMQ 6.3.20", "release_date" : "2022-02-15T00:00:00Z", "advisory" : "RHSA-2022:0553", "cpe" : "cpe:/a:redhat:jboss_amq:6.3", "package" : "log4j" }, { "product_name" : "Red Hat Fuse/AMQ 6.3.20", "release_date" : "2022-02-15T00:00:00Z", "advisory" : "RHSA-2022:0553", "cpe" : "cpe:/a:redhat:jboss_fuse:6.3", "package" : "log4j" }, { "product_name" : "Red Hat JBoss Data Virtualization 6.4.8.SP1", "release_date" : "2022-02-09T00:00:00Z", "advisory" : "RHSA-2022:0497", "cpe" : "cpe:/a:redhat:jboss_data_virtualization:6.4", "package" : "log4j" }, { "product_name" : "Red Hat JBoss Data Virtualization 6.4.8.SP2", "release_date" : "2022-02-10T00:00:00Z", "advisory" : "RHSA-2022:0507", "cpe" : "cpe:/a:redhat:jboss_data_virtualization:6.4", "package" : "log4j" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date" : "2022-02-03T00:00:00Z", "advisory" : "RHSA-2022:0438", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "log4j-eap6-0:1.2.17-3.redhat_00008.1.ep6.el6", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date" : "2022-02-03T00:00:00Z", "advisory" : "RHSA-2022:0438", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "log4j-jboss-logmanager-0:1.1.4-3.Final_redhat_00002.1.ep6.el6", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5459", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-appclient-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5459", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jbossas-appclient-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5459", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jbossas-bundles-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5459", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-cli-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5459", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-client-all-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5459", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-clustering-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5459", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-cmp-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5459", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-configadmin-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5459", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-connector-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5459", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-controller-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5459", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-controller-client-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5459", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jbossas-core-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5459", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-core-security-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5459", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-deployment-repository-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5459", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-deployment-scanner-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5459", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jbossas-domain-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5459", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-domain-http-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5459", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-domain-management-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5459", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-ee-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5459", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-ee-deployment-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5459", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-ejb3-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5459", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-embedded-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5459", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-host-controller-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5459", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-jacorb-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5459", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jbossas-javadocs-0:7.5.24-1.Final_redhat_00001.1.ep6.el6", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5459", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-jaxr-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5459", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-jaxrs-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5459", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-jdr-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5459", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-jmx-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5459", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-jpa-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5459", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-jsf-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5459", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-jsr77-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5459", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-logging-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5459", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-mail-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5459", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-management-client-content-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5459", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-messaging-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5459", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-modcluster-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5459", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jbossas-modules-eap-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5459", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-naming-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5459", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-network-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5459", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-osgi-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5459", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-osgi-configadmin-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5459", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-osgi-service-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5459", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-picketlink-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5459", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-platform-mbean-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5459", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-pojo-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5459", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-process-controller-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5459", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jbossas-product-eap-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5459", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-protocol-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5459", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-remoting-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5459", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-sar-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5459", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-security-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5459", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-server-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5459", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jbossas-standalone-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5459", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-system-jmx-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5459", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-threads-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5459", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-transactions-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5459", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-version-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5459", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-web-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5459", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-webservices-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5459", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jbossas-welcome-content-eap-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5459", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-weld-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5459", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-xts-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5459", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jbossts-1:4.17.45-2.Final_redhat_2.1.ep6.el6", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5459", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jbossweb-0:7.5.32-2.Final_redhat_1.2.ep6.el6", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date" : "2022-02-03T00:00:00Z", "advisory" : "RHSA-2022:0438", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package" : "log4j-eap6-0:1.2.17-3.redhat_00008.1.ep6.el7", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date" : "2022-02-03T00:00:00Z", "advisory" : "RHSA-2022:0438", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package" : "log4j-jboss-logmanager-0:1.1.4-3.Final_redhat_00002.1.ep6.el7", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5460", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package" : "jboss-as-appclient-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5460", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package" : "jbossas-appclient-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5460", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package" : "jbossas-bundles-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5460", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package" : "jboss-as-cli-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5460", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package" : "jboss-as-client-all-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5460", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package" : "jboss-as-clustering-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5460", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package" : "jboss-as-cmp-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5460", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package" : "jboss-as-configadmin-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5460", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package" : "jboss-as-connector-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5460", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package" : "jboss-as-controller-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5460", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package" : "jboss-as-controller-client-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5460", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package" : "jbossas-core-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5460", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package" : "jboss-as-core-security-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5460", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package" : "jboss-as-deployment-repository-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5460", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package" : "jboss-as-deployment-scanner-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5460", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package" : "jbossas-domain-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5460", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package" : "jboss-as-domain-http-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5460", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package" : "jboss-as-domain-management-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5460", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package" : "jboss-as-ee-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5460", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package" : "jboss-as-ee-deployment-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5460", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package" : "jboss-as-ejb3-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5460", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package" : "jboss-as-embedded-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5460", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package" : "jboss-as-host-controller-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5460", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package" : "jboss-as-jacorb-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5460", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package" : "jbossas-javadocs-0:7.5.24-1.Final_redhat_00001.1.ep6.el7", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5460", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package" : "jboss-as-jaxr-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5460", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package" : "jboss-as-jaxrs-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5460", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package" : "jboss-as-jdr-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5460", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package" : "jboss-as-jmx-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5460", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package" : "jboss-as-jpa-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5460", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package" : "jboss-as-jsf-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5460", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package" : "jboss-as-jsr77-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5460", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package" : "jboss-as-logging-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5460", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package" : "jboss-as-mail-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5460", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package" : "jboss-as-management-client-content-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5460", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package" : "jboss-as-messaging-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5460", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package" : "jboss-as-modcluster-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5460", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package" : "jbossas-modules-eap-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5460", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package" : "jboss-as-naming-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5460", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package" : "jboss-as-network-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5460", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package" : "jboss-as-osgi-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5460", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package" : "jboss-as-osgi-configadmin-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5460", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package" : "jboss-as-osgi-service-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5460", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package" : "jboss-as-picketlink-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5460", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package" : "jboss-as-platform-mbean-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5460", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package" : "jboss-as-pojo-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5460", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package" : "jboss-as-process-controller-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5460", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package" : "jbossas-product-eap-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5460", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package" : "jboss-as-protocol-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5460", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package" : "jboss-as-remoting-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5460", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package" : "jboss-as-sar-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5460", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package" : "jboss-as-security-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5460", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package" : "jboss-as-server-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5460", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package" : "jbossas-standalone-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5460", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package" : "jboss-as-system-jmx-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5460", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package" : "jboss-as-threads-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5460", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package" : "jboss-as-transactions-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5460", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package" : "jboss-as-version-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5460", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package" : "jboss-as-web-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5460", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package" : "jboss-as-webservices-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5460", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package" : "jbossas-welcome-content-eap-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5460", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package" : "jboss-as-weld-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5460", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package" : "jboss-as-xts-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5460", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package" : "jbossts-1:4.17.45-2.Final_redhat_2.1.ep6.el7", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5460", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package" : "jbossweb-0:7.5.32-2.Final_redhat_1.2.ep6.el7", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7", "release_date" : "2022-02-03T00:00:00Z", "advisory" : "RHSA-2022:0435", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4", "package" : "log4j", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7", "release_date" : "2022-04-11T00:00:00Z", "advisory" : "RHSA-2022:1299", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4", "package" : "log4j", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date" : "2024-08-26T00:00:00Z", "advisory" : "RHSA-2024:5856", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package" : "eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date" : "2024-11-25T00:00:00Z", "advisory" : "RHSA-2024:10207", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package" : "eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date" : "2024-11-25T00:00:00Z", "advisory" : "RHSA-2024:10207", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package" : "eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date" : "2024-11-25T00:00:00Z", "advisory" : "RHSA-2024:10207", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package" : "eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date" : "2024-11-25T00:00:00Z", "advisory" : "RHSA-2024:10207", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package" : "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date" : "2024-11-25T00:00:00Z", "advisory" : "RHSA-2024:10207", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package" : "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date" : "2024-11-25T00:00:00Z", "advisory" : "RHSA-2024:10207", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package" : "eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date" : "2024-11-25T00:00:00Z", "advisory" : "RHSA-2024:10207", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package" : "eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date" : "2024-11-25T00:00:00Z", "advisory" : "RHSA-2024:10207", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package" : "eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date" : "2024-11-25T00:00:00Z", "advisory" : "RHSA-2024:10207", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package" : "eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date" : "2024-11-25T00:00:00Z", "advisory" : "RHSA-2024:10207", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package" : "eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date" : "2024-11-25T00:00:00Z", "advisory" : "RHSA-2024:10207", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package" : "eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date" : "2024-11-25T00:00:00Z", "advisory" : "RHSA-2024:10207", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package" : "eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2022-02-03T00:00:00Z", "advisory" : "RHSA-2022:0436", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.el8eap", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2022-04-11T00:00:00Z", "advisory" : "RHSA-2022:1297", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2022-02-03T00:00:00Z", "advisory" : "RHSA-2022:0436", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.el7eap", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2022-04-11T00:00:00Z", "advisory" : "RHSA-2022:1296", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap", "impact" : "low" }, { "product_name" : "Red Hat JBoss Web Server 3.1", "release_date" : "2022-02-14T00:00:00Z", "advisory" : "RHSA-2022:0527", "cpe" : "cpe:/a:redhat:jboss_enterprise_web_server:3.1" }, { "product_name" : "Red Hat JBoss Web Server 3 for RHEL 7", "release_date" : "2022-02-14T00:00:00Z", "advisory" : "RHSA-2022:0524", "cpe" : "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7", "package" : "log4j-eap6-0:1.2.17-3.redhat_00008.1.ep6.el7" }, { "product_name" : "Red Hat JBoss Web Server 3 for RHEL 7", "release_date" : "2022-02-14T00:00:00Z", "advisory" : "RHSA-2022:0524", "cpe" : "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7", "package" : "tomcat7-0:7.0.70-46.ep7.el7" }, { "product_name" : "Red Hat JBoss Web Server 3 for RHEL 7", "release_date" : "2022-02-14T00:00:00Z", "advisory" : "RHSA-2022:0524", "cpe" : "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7", "package" : "tomcat8-0:8.0.36-49.ep7.el7" }, { "product_name" : "Red Hat JBoss Web Server 3 for RHEL 7", "release_date" : "2022-02-14T00:00:00Z", "advisory" : "RHSA-2022:0524", "cpe" : "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7", "package" : "tomcat-native-0:1.2.23-26.redhat_26.ep7.el7" }, { "product_name" : "Red Hat OpenShift Container Platform 4.6", "release_date" : "2021-12-16T00:00:00Z", "advisory" : "RHSA-2021:5141", "cpe" : "cpe:/a:redhat:openshift:4.6::el8", "package" : "openshift4/ose-metering-hadoop:v4.6.0-202112150545.p0.gf381145.assembly.art3595" }, { "product_name" : "Red Hat OpenShift Container Platform 4.6", "release_date" : "2021-12-16T00:00:00Z", "advisory" : "RHSA-2021:5141", "cpe" : "cpe:/a:redhat:openshift:4.6::el8", "package" : "openshift4/ose-metering-presto:v4.6.0-202112150545.p0.g190688a.assembly.art3595" }, { "product_name" : "Red Hat OpenShift Container Platform 4.6", "release_date" : "2021-12-16T00:00:00Z", "advisory" : "RHSA-2021:5186", "cpe" : "cpe:/a:redhat:openshift:4.6::el8", "package" : "openshift4/ose-metering-hive:v4.6.0-202112160147.p0.gf139e12.assembly.stream" }, { "product_name" : "Red Hat OpenShift Container Platform 4.7", "release_date" : "2021-12-16T00:00:00Z", "advisory" : "RHSA-2021:5107", "cpe" : "cpe:/a:redhat:openshift:4.7::el8", "package" : "openshift4/ose-metering-hadoop:v4.7.0-202112150631.p0.g6046504.assembly.4.7.40" }, { "product_name" : "Red Hat OpenShift Container Platform 4.7", "release_date" : "2021-12-16T00:00:00Z", "advisory" : "RHSA-2021:5107", "cpe" : "cpe:/a:redhat:openshift:4.7::el8", "package" : "openshift4/ose-metering-presto:v4.7.0-202112150631.p0.gd502108.assembly.4.7.40" }, { "product_name" : "Red Hat OpenShift Container Platform 4.7", "release_date" : "2021-12-16T00:00:00Z", "advisory" : "RHSA-2021:5184", "cpe" : "cpe:/a:redhat:openshift:4.7::el8", "package" : "openshift4/ose-metering-hive:v4.7.0-202112160422.p0.g6a2b6aa.assembly.4.7.40" }, { "product_name" : "Red Hat OpenShift Container Platform 4.8", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5148", "cpe" : "cpe:/a:redhat:openshift:4.8::el8", "package" : "openshift4/ose-metering-hadoop:v4.8.0-202112150431.p0.gebd9cb4.assembly.art3599" }, { "product_name" : "Red Hat OpenShift Container Platform 4.8", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5148", "cpe" : "cpe:/a:redhat:openshift:4.8::el8", "package" : "openshift4/ose-metering-presto:v4.8.0-202112150431.p0.g4b934ae.assembly.art3599" }, { "product_name" : "Red Hat OpenShift Container Platform 4.8", "release_date" : "2021-12-16T00:00:00Z", "advisory" : "RHSA-2021:5183", "cpe" : "cpe:/a:redhat:openshift:4.8::el8", "package" : "openshift4/ose-metering-hive:v4.8.0-202112160147.p0.g5672016.assembly.stream" }, { "product_name" : "Red Hat Single Sign-On 7.4.10", "release_date" : "2022-02-07T00:00:00Z", "advisory" : "RHSA-2022:0446", "cpe" : "cpe:/a:redhat:red_hat_single_sign_on:7", "package" : "log4j" }, { "product_name" : "Red Hat Single Sign-On 7.5 for RHEL 7", "release_date" : "2022-02-07T00:00:00Z", "advisory" : "RHSA-2022:0447", "cpe" : "cpe:/a:redhat:red_hat_single_sign_on:7.5::el7", "package" : "rh-sso7-keycloak-0:15.0.4-1.redhat_00003.1.el7sso" }, { "product_name" : "Red Hat Single Sign-On 7.5 for RHEL 8", "release_date" : "2022-02-07T00:00:00Z", "advisory" : "RHSA-2022:0448", "cpe" : "cpe:/a:redhat:red_hat_single_sign_on:7.5::el8", "package" : "rh-sso7-keycloak-0:15.0.4-1.redhat_00003.1.el8sso" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date" : "2021-12-22T00:00:00Z", "advisory" : "RHSA-2021:5269", "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7", "package" : "rh-maven36-log4j12-0:1.2.17-23.3.el7" }, { "product_name" : "Red Hat Virtualization Engine 4.4", "release_date" : "2022-02-08T00:00:00Z", "advisory" : "RHSA-2022:0475", "cpe" : "cpe:/a:redhat:rhev_manager:4.4:el8", "package" : "org.ovirt.engine-root-0:4.4.10.6-1", "impact" : "low" }, { "product_name" : "Red Hat Virtualization Engine 4.4", "release_date" : "2022-02-08T00:00:00Z", "advisory" : "RHSA-2022:0475", "cpe" : "cpe:/a:redhat:rhev_manager:4.4:el8", "package" : "snmp4j-0:3.6.4-0.1.el8ev", "impact" : "low" }, { "product_name" : "RHEL-8 based Middleware Containers", "release_date" : "2022-02-07T00:00:00Z", "advisory" : "RHSA-2022:0444", "cpe" : "cpe:/a:redhat:rhosemc:1.0::el8", "package" : "rh-sso-7/sso74-openshift-rhel8:7.4-45" }, { "product_name" : "RHEL-8 based Middleware Containers", "release_date" : "2022-02-07T00:00:00Z", "advisory" : "RHSA-2022:0445", "cpe" : "cpe:/a:redhat:rhosemc:1.0::el8", "package" : "rh-sso-7/sso74-openj9-openshift-rhel8:7.4-60" }, { "product_name" : "RHEL-8 based Middleware Containers", "release_date" : "2022-02-07T00:00:00Z", "advisory" : "RHSA-2022:0450", "cpe" : "cpe:/a:redhat:rhosemc:1.0::el8", "package" : "rh-sso-7/sso75-openshift-rhel8:7.5-17" }, { "product_name" : "RHEL-8 based Middleware Containers", "release_date" : "2022-02-07T00:00:00Z", "advisory" : "RHSA-2022:0450", "cpe" : "cpe:/a:redhat:rhosemc:1.0::el8", "package" : "rh-sso-7/sso7-rhel8-operator-bundle:7.5.1-9" }, { "product_name" : "RHSSO 7.5.1", "release_date" : "2022-02-07T00:00:00Z", "advisory" : "RHSA-2022:0449", "cpe" : "cpe:/a:redhat:red_hat_single_sign_on:7", "package" : "log4j" } ], "package_state" : [ { "product_name" : "A-MQ Clients 2", "fix_state" : "Affected", "package_name" : "log4j", "cpe" : "cpe:/a:redhat:a_mq_clients:2" }, { "product_name" : "Red Hat AMQ Broker 7", "fix_state" : "Affected", "package_name" : "log4j", "cpe" : "cpe:/a:redhat:amq_broker:7" }, { "product_name" : "Red Hat build of Quarkus", "fix_state" : "Not affected", "package_name" : "log4j", "cpe" : "cpe:/a:redhat:quarkus:2" }, { "product_name" : "Red Hat Data Grid 8", "fix_state" : "Not affected", "package_name" : "log4j", "cpe" : "cpe:/a:redhat:jboss_data_grid:8" }, { "product_name" : "Red Hat Decision Manager 7", "fix_state" : "Not affected", "package_name" : "log4j", "cpe" : "cpe:/a:redhat:jboss_enterprise_brms_platform:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "tomcat", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Integration Camel K 1", "fix_state" : "Not affected", "package_name" : "log4j", "cpe" : "cpe:/a:redhat:integration:1" }, { "product_name" : "Red Hat Integration Camel Quarkus 1", "fix_state" : "Not affected", "package_name" : "log4j", "cpe" : "cpe:/a:redhat:camel_quarkus:2" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform Expansion Pack", "fix_state" : "Not affected", "package_name" : "log4j", "cpe" : "cpe:/a:redhat:jbosseapxp" }, { "product_name" : "Red Hat JBoss Fuse Service Works 6", "fix_state" : "Out of support scope", "package_name" : "log4j", "cpe" : "cpe:/a:redhat:jboss_fuse_service_works:6" }, { "product_name" : "Red Hat JBoss Operations Network 3", "fix_state" : "Out of support scope", "package_name" : "log4j", "cpe" : "cpe:/a:redhat:jboss_operations_network:3" }, { "product_name" : "Red Hat OpenShift Application Runtimes", "fix_state" : "Not affected", "package_name" : "log4j", "cpe" : "cpe:/a:redhat:openshift_application_runtimes:1.0" }, { "product_name" : "Red Hat OpenStack Platform 13 (Queens)", "fix_state" : "Out of support scope", "package_name" : "opendaylight", "cpe" : "cpe:/a:redhat:openstack:13" }, { "product_name" : "Red Hat Process Automation 7", "fix_state" : "Not affected", "package_name" : "log4j", "cpe" : "cpe:/a:redhat:jboss_enterprise_bpms_platform:7" }, { "product_name" : "Red Hat Satellite 6", "fix_state" : "Not affected", "package_name" : "log4j-over-slf4j", "cpe" : "cpe:/a:redhat:satellite:6" }, { "product_name" : "Red Hat Virtualization 4", "fix_state" : "Not affected", "package_name" : "ovirt-engine", "cpe" : "cpe:/o:redhat:rhev_hypervisor:4" }, { "product_name" : "Red Hat Virtualization 4", "fix_state" : "Not affected", "package_name" : "ovirt-engine-extension-logger-log4j", "cpe" : "cpe:/o:redhat:rhev_hypervisor:4" }, { "product_name" : "Red Hat Virtualization 4", "fix_state" : "Not affected", "package_name" : "vdsm-jsonrpc-java", "cpe" : "cpe:/o:redhat:rhev_hypervisor:4" }, { "product_name" : "streams for Apache Kafka", "fix_state" : "Affected", "package_name" : "log4j", "cpe" : "cpe:/a:redhat:amq_streams:1" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2021-4104\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-4104\nhttps://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126\nhttps://github.com/apache/logging-log4j2/pull/608#issuecomment-991723301\nhttps://lists.apache.org/thread/0x4zvtq92yggdgvwfgsftqrj4xx5w0nx\nhttps://www.openwall.com/lists/oss-security/2021/12/13/1" ], "name" : "CVE-2021-4104", "mitigation" : { "value" : "These are the possible mitigations for this flaw for releases version 1.x:\n- Comment out or remove JMSAppender in the Log4j configuration if it is used\n- Remove the JMSAppender class from the classpath. For example:\n```\nzip -q -d log4j-*.jar org/apache/log4j/net/JMSAppender.class\n```\n- Restrict access for the OS user on the platform running the application to prevent modifying the Log4j configuration by the attacker.", "lang" : "en:us" }, "csaw" : false }