BDU:2023-07207

BDU

High

Уязвимость компонентов Chainsaw и SocketAppender программы для журналирования Java-программ Log4j связана с недостатками механизма десериал…

CVSS

7.5

High

EPSS

0.00

Published

2023-01-01

Updated

2023-01-01

Description

Уязвимость компонентов Chainsaw и SocketAppender программы для журналирования Java-программ Log4j связана с недостатками механизма десериализации. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании

Tags · CWE

Pre-auth

Affected products

Apache software foundation Log4jApache software foundation Log4jApache software foundation Log4jApache software foundation Log4jApache software foundation Log4jApache software foundation Log4jGoogle inc Android studioGoogle inc Android studioGoogle inc Android studioGoogle inc Android studioGoogle inc Android studioGoogle inc Android studioRed hat inc. A-mq clientsRed hat inc. A-mq clientsRed hat inc. A-mq clientsRed hat inc. A-mq clientsRed hat inc. A-mq clientsRed hat inc. A-mq clientsRed hat inc. Data gridRed hat inc. Data grid

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Timeline

2023-01-01

Published

2023-01-01

Updated

CVSS 3.1 breakdown

Attack Vector

AV: N

Network (N)

Attack Complexity

AC: L

Low (L)

Privileges Required

PR: N

None (N)

User Interaction

UI: N

None (N)

Scope

S: U

Unchanged (U)

Confidentiality Impact

C: N

None (N)

Integrity Impact

I: N

None (N)

Availability Impact

A: H

High (H)

Exploit indicators

EPSS

0.000 · p0

Known exploited (KEV)

Known exploits — Сканер-ВС

No Сканер-ВС checks registered for this vulnerability yet.

Affected products

Red Hat

Jboss Enterprise Application Platform Red Hat Software Collections Jboss Fuse Red Hat Single Sign-on Openshift Application Runtimes Jboss Web Server Openshift Developer Tools And Services Jboss Data Grid Data Grid Red Hat Jboss Data Virtualization+6

Product	Vendor	Status
log4j	apache software foundation	Tracked
log4j	apache software foundation	Tracked
log4j	apache software foundation	Tracked
log4j	apache software foundation	Tracked
log4j	apache software foundation	Tracked
log4j	apache software foundation	Tracked
android studio	google inc	Tracked
android studio	google inc	Tracked
android studio	google inc	Tracked
android studio	google inc	Tracked
android studio	google inc	Tracked
android studio	google inc	Tracked
a-mq clients	red hat inc.	Tracked
a-mq clients	red hat inc.	Tracked
a-mq clients	red hat inc.	Tracked
a-mq clients	red hat inc.	Tracked
a-mq clients	red hat inc.	Tracked
a-mq clients	red hat inc.	Tracked
data grid	red hat inc.	Tracked
data grid	red hat inc.	Tracked

Showing first 20 of 132

Source databases

BDU

Related vulnerabilities

CVE-2023-26464

External references

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26464@https://lists.apache.org/thread/wkx6grrcjkh86crr49p4blc1v1nflj3t@https://security-tracker.debian.org/tracker/CVE-2023-26464@https://access.redhat.com/security/cve/CVE-2023-26464@https://abf.rosa.ru/advisories/ROSA-SA-2024-2519