VDB
SUSE-SU-2022%3A0226-1
SUSE-SU-2022%3A0226-1
PUBLISHED
CVSS 9.300000190734863 CRITICAL
This update for log4j12 fixes the following issues: - CVE-2022-23307: Fix deserialization issue by removing the chainsaw sub-package. (bsc#1194844) - CVE-2022-23305: Fix SQL injection by removing src/main/java/org/apache/log4j/jdbc/JDBCAppender.java. (bsc#1194843) - CVE-2022-23302: Fix remote code execution by removing src/main/java/org/apache/log4j/net/JMSSink.java. (bsc#1194842)
Risk Scores
CVSS 4.0
9.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SUSE:Linux Enterprise Module for Development Tools 15 SP3 | log4j12 | 0, 0 |
| SUSE:Manager Proxy 4.1 | log4j12 | 0, 0 |
| SUSE:Enterprise Storage 7 | log4j12 | 0, 0 |
| SUSE:Manager Server 4.1 | log4j12 | 0, 0 |
| SUSE:Linux Enterprise Module for Basesystem 15 SP3 | log4j12 | 0, 0 |
| SUSE:Linux Enterprise Server 15 SP2-LTSS | log4j12 | 0, 0 |
| SUSE:Manager Retail Branch Server 4.1 | log4j12 | 0, 0 |
| SUSE:Linux Enterprise Real Time 15 SP2 | log4j12 | 0, 0 |
| SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSS | log4j12 | 0, 0 |
| SUSE:Linux Enterprise Server for SAP Applications 15 SP2 | log4j12 | 0, 0 |
| SUSE:Linux Enterprise Server 15 SP2-BCL | log4j12 | 0, 0 |
| SUSE:Linux Enterprise High Performance Computing 15 SP2-ESPOS | log4j12 | 0, 0 |
Timeline
- Jan 28, 2022 CVE Published
- Feb 4, 2026 CVE Updated
References
- https://www.suse.com/support/update/announcement/2022/suse-su-20220226-1/ advisory
- https://bugzilla.suse.com/1193184 report
- https://bugzilla.suse.com/1194842 report
- https://bugzilla.suse.com/1194843 report
- https://bugzilla.suse.com/1194844 report
- https://www.suse.com/security/cve/CVE-2022-23302 url
- https://www.suse.com/security/cve/CVE-2022-23305 url
- https://www.suse.com/security/cve/CVE-2022-23307 url