VDB

SUSE-SU-2022%3A0226-1

SUSE-SU-2022%3A0226-1 PUBLISHED CVSS 9.300000190734863 CRITICAL

This update for log4j12 fixes the following issues: - CVE-2022-23307: Fix deserialization issue by removing the chainsaw sub-package. (bsc#1194844) - CVE-2022-23305: Fix SQL injection by removing src/main/java/org/apache/log4j/jdbc/JDBCAppender.java. (bsc#1194843) - CVE-2022-23302: Fix remote code execution by removing src/main/java/org/apache/log4j/net/JMSSink.java. (bsc#1194842)

Risk Scores

CVSS 4.0
9.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products

VendorProductVersions
SUSE:Linux Enterprise Module for Development Tools 15 SP3log4j120, 0
SUSE:Manager Proxy 4.1log4j120, 0
SUSE:Enterprise Storage 7log4j120, 0
SUSE:Manager Server 4.1log4j120, 0
SUSE:Linux Enterprise Module for Basesystem 15 SP3log4j120, 0
SUSE:Linux Enterprise Server 15 SP2-LTSSlog4j120, 0
SUSE:Manager Retail Branch Server 4.1log4j120, 0
SUSE:Linux Enterprise Real Time 15 SP2log4j120, 0
SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSSlog4j120, 0
SUSE:Linux Enterprise Server for SAP Applications 15 SP2log4j120, 0
SUSE:Linux Enterprise Server 15 SP2-BCLlog4j120, 0
SUSE:Linux Enterprise High Performance Computing 15 SP2-ESPOSlog4j120, 0

Timeline

  • Jan 28, 2022 CVE Published
  • Feb 4, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›