First published: Tue Jan 18 2022(Updated: )
A flaw was found in the Java logging library Apache Log4j in version 1.x. JDBCAppender in Log4j 1.x is vulnerable to SQL injection in untrusted data. This allows a remote attacker to run SQL statements in the database if the deployed application is configured to use JDBCAppender with certain interpolation tokens.
Credit: security@apache.org security@apache.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/log4j | <0:1.2.14-6.6.el6_10 | 0:1.2.14-6.6.el6_10 |
redhat/log4j | <0:1.2.17-18.el7_4 | 0:1.2.17-18.el7_4 |
redhat/log4j | <0:1.2.17-17.el7_3 | 0:1.2.17-17.el7_3 |
redhat/log4j-eap6 | <0:1.2.17-3.redhat_00008.1.ep6.el6 | 0:1.2.17-3.redhat_00008.1.ep6.el6 |
redhat/log4j-jboss-logmanager | <0:1.1.4-3.Final_redhat_00002.1.ep6.el6 | 0:1.1.4-3.Final_redhat_00002.1.ep6.el6 |
redhat/jboss-as-appclient | <0:7.5.24-2.Final_redhat_00001.1.ep6.el6 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el6 |
redhat/jbossas-appclient | <0:7.5.24-2.Final_redhat_00001.1.ep6.el6 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el6 |
redhat/jbossas-bundles | <0:7.5.24-2.Final_redhat_00001.1.ep6.el6 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el6 |
redhat/jboss-as-cli | <0:7.5.24-2.Final_redhat_00001.1.ep6.el6 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el6 |
redhat/jboss-as-client-all | <0:7.5.24-2.Final_redhat_00001.1.ep6.el6 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el6 |
redhat/jboss-as-clustering | <0:7.5.24-2.Final_redhat_00001.1.ep6.el6 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el6 |
redhat/jboss-as-cmp | <0:7.5.24-2.Final_redhat_00001.1.ep6.el6 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el6 |
redhat/jboss-as-configadmin | <0:7.5.24-2.Final_redhat_00001.1.ep6.el6 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el6 |
redhat/jboss-as-connector | <0:7.5.24-2.Final_redhat_00001.1.ep6.el6 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el6 |
redhat/jboss-as-controller | <0:7.5.24-2.Final_redhat_00001.1.ep6.el6 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el6 |
redhat/jboss-as-controller-client | <0:7.5.24-2.Final_redhat_00001.1.ep6.el6 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el6 |
redhat/jbossas-core | <0:7.5.24-2.Final_redhat_00001.1.ep6.el6 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el6 |
redhat/jboss-as-core-security | <0:7.5.24-2.Final_redhat_00001.1.ep6.el6 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el6 |
redhat/jboss-as-deployment-repository | <0:7.5.24-2.Final_redhat_00001.1.ep6.el6 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el6 |
redhat/jboss-as-deployment-scanner | <0:7.5.24-2.Final_redhat_00001.1.ep6.el6 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el6 |
redhat/jbossas-domain | <0:7.5.24-2.Final_redhat_00001.1.ep6.el6 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el6 |
redhat/jboss-as-domain-http | <0:7.5.24-2.Final_redhat_00001.1.ep6.el6 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el6 |
redhat/jboss-as-domain-management | <0:7.5.24-2.Final_redhat_00001.1.ep6.el6 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el6 |
redhat/jboss-as-ee | <0:7.5.24-2.Final_redhat_00001.1.ep6.el6 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el6 |
redhat/jboss-as-ee-deployment | <0:7.5.24-2.Final_redhat_00001.1.ep6.el6 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el6 |
redhat/jboss-as-ejb3 | <0:7.5.24-2.Final_redhat_00001.1.ep6.el6 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el6 |
redhat/jboss-as-embedded | <0:7.5.24-2.Final_redhat_00001.1.ep6.el6 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el6 |
redhat/jboss-as-host-controller | <0:7.5.24-2.Final_redhat_00001.1.ep6.el6 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el6 |
redhat/jboss-as-jacorb | <0:7.5.24-2.Final_redhat_00001.1.ep6.el6 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el6 |
redhat/jbossas-javadocs | <0:7.5.24-1.Final_redhat_00001.1.ep6.el6 | 0:7.5.24-1.Final_redhat_00001.1.ep6.el6 |
redhat/jboss-as-jaxr | <0:7.5.24-2.Final_redhat_00001.1.ep6.el6 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el6 |
redhat/jboss-as-jaxrs | <0:7.5.24-2.Final_redhat_00001.1.ep6.el6 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el6 |
redhat/jboss-as-jdr | <0:7.5.24-2.Final_redhat_00001.1.ep6.el6 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el6 |
redhat/jboss-as-jmx | <0:7.5.24-2.Final_redhat_00001.1.ep6.el6 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el6 |
redhat/jboss-as-jpa | <0:7.5.24-2.Final_redhat_00001.1.ep6.el6 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el6 |
redhat/jboss-as-jsf | <0:7.5.24-2.Final_redhat_00001.1.ep6.el6 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el6 |
redhat/jboss-as-jsr77 | <0:7.5.24-2.Final_redhat_00001.1.ep6.el6 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el6 |
redhat/jboss-as-logging | <0:7.5.24-2.Final_redhat_00001.1.ep6.el6 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el6 |
redhat/jboss-as-mail | <0:7.5.24-2.Final_redhat_00001.1.ep6.el6 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el6 |
redhat/jboss-as-management-client-content | <0:7.5.24-2.Final_redhat_00001.1.ep6.el6 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el6 |
redhat/jboss-as-messaging | <0:7.5.24-2.Final_redhat_00001.1.ep6.el6 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el6 |
redhat/jboss-as-modcluster | <0:7.5.24-2.Final_redhat_00001.1.ep6.el6 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el6 |
redhat/jbossas-modules-eap | <0:7.5.24-2.Final_redhat_00001.1.ep6.el6 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el6 |
redhat/jboss-as-naming | <0:7.5.24-2.Final_redhat_00001.1.ep6.el6 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el6 |
redhat/jboss-as-network | <0:7.5.24-2.Final_redhat_00001.1.ep6.el6 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el6 |
redhat/jboss-as-osgi | <0:7.5.24-2.Final_redhat_00001.1.ep6.el6 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el6 |
redhat/jboss-as-osgi-configadmin | <0:7.5.24-2.Final_redhat_00001.1.ep6.el6 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el6 |
redhat/jboss-as-osgi-service | <0:7.5.24-2.Final_redhat_00001.1.ep6.el6 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el6 |
redhat/jboss-as-picketlink | <0:7.5.24-2.Final_redhat_00001.1.ep6.el6 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el6 |
redhat/jboss-as-platform-mbean | <0:7.5.24-2.Final_redhat_00001.1.ep6.el6 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el6 |
redhat/jboss-as-pojo | <0:7.5.24-2.Final_redhat_00001.1.ep6.el6 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el6 |
redhat/jboss-as-process-controller | <0:7.5.24-2.Final_redhat_00001.1.ep6.el6 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el6 |
redhat/jbossas-product-eap | <0:7.5.24-2.Final_redhat_00001.1.ep6.el6 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el6 |
redhat/jboss-as-protocol | <0:7.5.24-2.Final_redhat_00001.1.ep6.el6 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el6 |
redhat/jboss-as-remoting | <0:7.5.24-2.Final_redhat_00001.1.ep6.el6 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el6 |
redhat/jboss-as-sar | <0:7.5.24-2.Final_redhat_00001.1.ep6.el6 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el6 |
redhat/jboss-as-security | <0:7.5.24-2.Final_redhat_00001.1.ep6.el6 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el6 |
redhat/jboss-as-server | <0:7.5.24-2.Final_redhat_00001.1.ep6.el6 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el6 |
redhat/jbossas-standalone | <0:7.5.24-2.Final_redhat_00001.1.ep6.el6 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el6 |
redhat/jboss-as-system-jmx | <0:7.5.24-2.Final_redhat_00001.1.ep6.el6 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el6 |
redhat/jboss-as-threads | <0:7.5.24-2.Final_redhat_00001.1.ep6.el6 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el6 |
redhat/jboss-as-transactions | <0:7.5.24-2.Final_redhat_00001.1.ep6.el6 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el6 |
redhat/jboss-as-version | <0:7.5.24-2.Final_redhat_00001.1.ep6.el6 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el6 |
redhat/jboss-as-web | <0:7.5.24-2.Final_redhat_00001.1.ep6.el6 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el6 |
redhat/jboss-as-webservices | <0:7.5.24-2.Final_redhat_00001.1.ep6.el6 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el6 |
redhat/jbossas-welcome-content-eap | <0:7.5.24-2.Final_redhat_00001.1.ep6.el6 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el6 |
redhat/jboss-as-weld | <0:7.5.24-2.Final_redhat_00001.1.ep6.el6 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el6 |
redhat/jboss-as-xts | <0:7.5.24-2.Final_redhat_00001.1.ep6.el6 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el6 |
redhat/jbossts | <1:4.17.45-2.Final_redhat_2.1.ep6.el6 | 1:4.17.45-2.Final_redhat_2.1.ep6.el6 |
redhat/jbossweb | <0:7.5.32-2.Final_redhat_1.2.ep6.el6 | 0:7.5.32-2.Final_redhat_1.2.ep6.el6 |
redhat/log4j-eap6 | <0:1.2.17-3.redhat_00008.1.ep6.el7 | 0:1.2.17-3.redhat_00008.1.ep6.el7 |
redhat/log4j-jboss-logmanager | <0:1.1.4-3.Final_redhat_00002.1.ep6.el7 | 0:1.1.4-3.Final_redhat_00002.1.ep6.el7 |
redhat/jboss-as-appclient | <0:7.5.24-2.Final_redhat_00001.1.ep6.el7 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el7 |
redhat/jbossas-appclient | <0:7.5.24-2.Final_redhat_00001.1.ep6.el7 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el7 |
redhat/jbossas-bundles | <0:7.5.24-2.Final_redhat_00001.1.ep6.el7 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el7 |
redhat/jboss-as-cli | <0:7.5.24-2.Final_redhat_00001.1.ep6.el7 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el7 |
redhat/jboss-as-client-all | <0:7.5.24-2.Final_redhat_00001.1.ep6.el7 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el7 |
redhat/jboss-as-clustering | <0:7.5.24-2.Final_redhat_00001.1.ep6.el7 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el7 |
redhat/jboss-as-cmp | <0:7.5.24-2.Final_redhat_00001.1.ep6.el7 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el7 |
redhat/jboss-as-configadmin | <0:7.5.24-2.Final_redhat_00001.1.ep6.el7 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el7 |
redhat/jboss-as-connector | <0:7.5.24-2.Final_redhat_00001.1.ep6.el7 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el7 |
redhat/jboss-as-controller | <0:7.5.24-2.Final_redhat_00001.1.ep6.el7 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el7 |
redhat/jboss-as-controller-client | <0:7.5.24-2.Final_redhat_00001.1.ep6.el7 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el7 |
redhat/jbossas-core | <0:7.5.24-2.Final_redhat_00001.1.ep6.el7 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el7 |
redhat/jboss-as-core-security | <0:7.5.24-2.Final_redhat_00001.1.ep6.el7 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el7 |
redhat/jboss-as-deployment-repository | <0:7.5.24-2.Final_redhat_00001.1.ep6.el7 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el7 |
redhat/jboss-as-deployment-scanner | <0:7.5.24-2.Final_redhat_00001.1.ep6.el7 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el7 |
redhat/jbossas-domain | <0:7.5.24-2.Final_redhat_00001.1.ep6.el7 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el7 |
redhat/jboss-as-domain-http | <0:7.5.24-2.Final_redhat_00001.1.ep6.el7 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el7 |
redhat/jboss-as-domain-management | <0:7.5.24-2.Final_redhat_00001.1.ep6.el7 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el7 |
redhat/jboss-as-ee | <0:7.5.24-2.Final_redhat_00001.1.ep6.el7 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el7 |
redhat/jboss-as-ee-deployment | <0:7.5.24-2.Final_redhat_00001.1.ep6.el7 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el7 |
redhat/jboss-as-ejb3 | <0:7.5.24-2.Final_redhat_00001.1.ep6.el7 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el7 |
redhat/jboss-as-embedded | <0:7.5.24-2.Final_redhat_00001.1.ep6.el7 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el7 |
redhat/jboss-as-host-controller | <0:7.5.24-2.Final_redhat_00001.1.ep6.el7 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el7 |
redhat/jboss-as-jacorb | <0:7.5.24-2.Final_redhat_00001.1.ep6.el7 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el7 |
redhat/jbossas-javadocs | <0:7.5.24-1.Final_redhat_00001.1.ep6.el7 | 0:7.5.24-1.Final_redhat_00001.1.ep6.el7 |
redhat/jboss-as-jaxr | <0:7.5.24-2.Final_redhat_00001.1.ep6.el7 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el7 |
redhat/jboss-as-jaxrs | <0:7.5.24-2.Final_redhat_00001.1.ep6.el7 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el7 |
redhat/jboss-as-jdr | <0:7.5.24-2.Final_redhat_00001.1.ep6.el7 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el7 |
redhat/jboss-as-jmx | <0:7.5.24-2.Final_redhat_00001.1.ep6.el7 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el7 |
redhat/jboss-as-jpa | <0:7.5.24-2.Final_redhat_00001.1.ep6.el7 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el7 |
redhat/jboss-as-jsf | <0:7.5.24-2.Final_redhat_00001.1.ep6.el7 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el7 |
redhat/jboss-as-jsr77 | <0:7.5.24-2.Final_redhat_00001.1.ep6.el7 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el7 |
redhat/jboss-as-logging | <0:7.5.24-2.Final_redhat_00001.1.ep6.el7 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el7 |
redhat/jboss-as-mail | <0:7.5.24-2.Final_redhat_00001.1.ep6.el7 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el7 |
redhat/jboss-as-management-client-content | <0:7.5.24-2.Final_redhat_00001.1.ep6.el7 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el7 |
redhat/jboss-as-messaging | <0:7.5.24-2.Final_redhat_00001.1.ep6.el7 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el7 |
redhat/jboss-as-modcluster | <0:7.5.24-2.Final_redhat_00001.1.ep6.el7 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el7 |
redhat/jbossas-modules-eap | <0:7.5.24-2.Final_redhat_00001.1.ep6.el7 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el7 |
redhat/jboss-as-naming | <0:7.5.24-2.Final_redhat_00001.1.ep6.el7 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el7 |
redhat/jboss-as-network | <0:7.5.24-2.Final_redhat_00001.1.ep6.el7 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el7 |
redhat/jboss-as-osgi | <0:7.5.24-2.Final_redhat_00001.1.ep6.el7 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el7 |
redhat/jboss-as-osgi-configadmin | <0:7.5.24-2.Final_redhat_00001.1.ep6.el7 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el7 |
redhat/jboss-as-osgi-service | <0:7.5.24-2.Final_redhat_00001.1.ep6.el7 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el7 |
redhat/jboss-as-picketlink | <0:7.5.24-2.Final_redhat_00001.1.ep6.el7 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el7 |
redhat/jboss-as-platform-mbean | <0:7.5.24-2.Final_redhat_00001.1.ep6.el7 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el7 |
redhat/jboss-as-pojo | <0:7.5.24-2.Final_redhat_00001.1.ep6.el7 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el7 |
redhat/jboss-as-process-controller | <0:7.5.24-2.Final_redhat_00001.1.ep6.el7 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el7 |
redhat/jbossas-product-eap | <0:7.5.24-2.Final_redhat_00001.1.ep6.el7 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el7 |
redhat/jboss-as-protocol | <0:7.5.24-2.Final_redhat_00001.1.ep6.el7 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el7 |
redhat/jboss-as-remoting | <0:7.5.24-2.Final_redhat_00001.1.ep6.el7 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el7 |
redhat/jboss-as-sar | <0:7.5.24-2.Final_redhat_00001.1.ep6.el7 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el7 |
redhat/jboss-as-security | <0:7.5.24-2.Final_redhat_00001.1.ep6.el7 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el7 |
redhat/jboss-as-server | <0:7.5.24-2.Final_redhat_00001.1.ep6.el7 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el7 |
redhat/jbossas-standalone | <0:7.5.24-2.Final_redhat_00001.1.ep6.el7 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el7 |
redhat/jboss-as-system-jmx | <0:7.5.24-2.Final_redhat_00001.1.ep6.el7 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el7 |
redhat/jboss-as-threads | <0:7.5.24-2.Final_redhat_00001.1.ep6.el7 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el7 |
redhat/jboss-as-transactions | <0:7.5.24-2.Final_redhat_00001.1.ep6.el7 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el7 |
redhat/jboss-as-version | <0:7.5.24-2.Final_redhat_00001.1.ep6.el7 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el7 |
redhat/jboss-as-web | <0:7.5.24-2.Final_redhat_00001.1.ep6.el7 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el7 |
redhat/jboss-as-webservices | <0:7.5.24-2.Final_redhat_00001.1.ep6.el7 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el7 |
redhat/jbossas-welcome-content-eap | <0:7.5.24-2.Final_redhat_00001.1.ep6.el7 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el7 |
redhat/jboss-as-weld | <0:7.5.24-2.Final_redhat_00001.1.ep6.el7 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el7 |
redhat/jboss-as-xts | <0:7.5.24-2.Final_redhat_00001.1.ep6.el7 | 0:7.5.24-2.Final_redhat_00001.1.ep6.el7 |
redhat/jbossts | <1:4.17.45-2.Final_redhat_2.1.ep6.el7 | 1:4.17.45-2.Final_redhat_2.1.ep6.el7 |
redhat/jbossweb | <0:7.5.32-2.Final_redhat_1.2.ep6.el7 | 0:7.5.32-2.Final_redhat_1.2.ep6.el7 |
redhat/eap7-log4j-jboss-logmanager | <0:1.2.2-1.Final_redhat_00002.1.el8ea | 0:1.2.2-1.Final_redhat_00002.1.el8ea |
redhat/eap7-log4j | <0:2.17.1-1.redhat_00001.1.el8ea | 0:2.17.1-1.redhat_00001.1.el8ea |
redhat/eap7-log4j-jboss-logmanager | <0:1.2.2-1.Final_redhat_00002.1.el7ea | 0:1.2.2-1.Final_redhat_00002.1.el7ea |
redhat/eap7-log4j | <0:2.17.1-1.redhat_00001.1.el7ea | 0:2.17.1-1.redhat_00001.1.el7ea |
redhat/tomcat7 | <0:7.0.70-46.ep7.el7 | 0:7.0.70-46.ep7.el7 |
redhat/tomcat8 | <0:8.0.36-49.ep7.el7 | 0:8.0.36-49.ep7.el7 |
redhat/tomcat-native | <0:1.2.23-26.redhat_26.ep7.el7 | 0:1.2.23-26.redhat_26.ep7.el7 |
redhat/rh-sso7-keycloak | <0:15.0.4-1.redhat_00003.1.el7 | 0:15.0.4-1.redhat_00003.1.el7 |
redhat/rh-sso7-keycloak | <0:15.0.4-1.redhat_00003.1.el8 | 0:15.0.4-1.redhat_00003.1.el8 |
redhat/rh-maven36-log4j12 | <0:1.2.17-23.4.el7 | 0:1.2.17-23.4.el7 |
redhat/snmp4j | <0:3.6.4-0.1.el8e | 0:3.6.4-0.1.el8e |
redhat/redhat-sso | <7-sso75-openshift-rhel8 | 7-sso75-openshift-rhel8 |
maven/org.zenframework.z8.dependencies.commons:log4j-1.2.17 | <=2.0 | |
maven/log4j:log4j | <=1.2.17 | |
Apache Log4j | =2.0-beta9 | |
Apache Log4j | =2.15.0 | |
Apache Log4j | =2.17.0 | |
Apache Log4j | =1.2.x | |
Apache Log4j | >=1.2<=1.2.17 | |
Netapp Snapmanager Oracle | ||
Netapp Snapmanager Sap | ||
Broadcom Brocade Sannav | ||
Qos Reload4j | <1.2.18.2 | |
Oracle Advanced Supply Chain Planning | =12.1 | |
Oracle Advanced Supply Chain Planning | =12.2 | |
Oracle Business Intelligence | =5.9.0.0.0 | |
Oracle Business Intelligence | =12.2.1.3.0 | |
Oracle Business Intelligence | =12.2.1.4.0 | |
Oracle Business Process Management Suite | =12.2.1.3.0 | |
Oracle Business Process Management Suite | =12.2.1.4.0 | |
Oracle Communications Eagle Ftp Table Base Retrieval | =4.5 | |
Oracle Communications Instant Messaging Server | =10.0.1.5.0 | |
Oracle Communications Messaging Server | =8.1 | |
Oracle Communications Network Integrity | =7.3.6 | |
Oracle Communications Offline Mediation Controller | <12.0.0.4.4 | |
Oracle Communications Offline Mediation Controller | =12.0.0.5.0 | |
Oracle Communications Unified Inventory Management | =7.4.1 | |
Oracle Communications Unified Inventory Management | =7.4.2 | |
Oracle E-business Suite Cloud Manager And Cloud Backup Module | <2.2.1.1.1 | |
Oracle E-business Suite Cloud Manager And Cloud Backup Module | =2.2.1.1.1 | |
Oracle E-business Suite Information Discovery | >=12.2.3<=12.2.11 | |
Oracle Enterprise Manager Base Platform | =13.4.0.0 | |
Oracle Enterprise Manager Base Platform | =13.5.0.0 | |
Oracle Financial Services Revenue Management And Billing Analytics | =2.7.0.0 | |
Oracle Financial Services Revenue Management And Billing Analytics | =2.7.0.1 | |
Oracle Financial Services Revenue Management And Billing Analytics | =2.8.0.0 | |
Oracle Healthcare Foundation | =8.1.0 | |
Oracle Hyperion Data Relationship Management | <11.2.8.0 | |
Oracle Hyperion Infrastructure Technology | <11.2.8.0 | |
Oracle Identity Management Suite | =12.2.1.3.0 | |
Oracle Identity Management Suite | =12.2.1.4.0 | |
Oracle Identity Manager Connector | =11.1.1.5.0 | |
Oracle JDeveloper | =12.2.1.3.0 | |
Oracle Middleware Common Libraries And Tools | =12.2.1.4.0 | |
Oracle Mysql Enterprise Monitor | <=8.0.29 | |
Oracle Retail Extract Transform And Load | =13.2.5 | |
Oracle Tuxedo | =12.2.2.0.0 | |
Oracle WebLogic Server | =12.2.1.3.0 | |
Oracle WebLogic Server | =12.2.1.4.0 | |
Oracle WebLogic Server | =14.1.1.0.0 | |
debian/apache-log4j1.2 | 1.2.17-10+deb11u1 1.2.17-11 | |
IBM QRadar SIEM | <=7.5 - 7.5.0 UP7 |
These are the possible mitigations for this flaw for releases version 1.x: - Comment out or remove JDBCAppender in the Log4j configuration if it is used - Remove the JDBCAppender class from the server's jar files. For example: ``` zip -q -d log4j-*.jar org/apache/log4j/jdbc/JDBCAppender.class ```
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
(Found alongside the following vulnerabilities)