CVSS | |
---|---|
DESCRIPTION | JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. |
HEAT SCORE | 136 |

DATE | TWEETS | USER |
---|---|---|
2022-04-20 06:23:00 | 🚨 NEW: CVE-2022-23302 🚨 JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data whe… https://t.co/mVdxMJkUFY https://twitter.com/i/web/status/1516661255276490752 | threatintelctr |
2022-04-20 04:20:40 | 🚨 NEW: CVE-2022-23302 🚨 JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data whe… https://t.co/W2BiXVnOIF https://twitter.com/i/web/status/1516631053938659330 | threatintelctr |
2022-04-20 01:02:19 | 🚨 NEW: CVE-2022-23302 🚨 JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data whe… https://t.co/jksaZMwPYe https://twitter.com/i/web/status/1516578204252790789 | threatintelctr |
2022-04-08 16:01:04 | New post from https://t.co/uXvPWJy6tj (CVE-2022-23302 (brocade_sannav, log4j, reload4j, snapmanager)) has been publ… https://t.co/Zom0VWblvC http://www.sesin.at https://twitter.com/i/web/status/1512457815155265543 | WolfgangSesin |
2022-04-08 16:00:54 | New post from https://t.co/9KYxtdZjkl (CVE-2022-23302 (brocade_sannav, log4j, reload4j, snapmanager)) has been publ… https://t.co/D8FRWC0ukR http://www.sesin.at https://twitter.com/i/web/status/1512457838869860357 | www_sesin_at |
2022-04-08 13:55:28 | 🚨 NEW: CVE-2022-23302 🚨 JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data whe… https://t.co/flD8GlwBGk https://twitter.com/i/web/status/1512425842147840012 | threatintelctr |
2022-03-09 22:45:51 | @fpientka @ApacheLog4j Thank you for letting me know. For your information, CVE-2022-23302, CVE-2022-23305, CVE-2… https://t.co/8HdNVtzKh2 https://twitter.com/i/web/status/1501686798514364418 | ceki |
2022-03-04 23:33:02 | New post from https://t.co/uXvPWJy6tj (CVE-2022-23302 (brocade_sannav, log4j, snapmanager)) has been published on https://t.co/VB5ifxXlHp http://www.sesin.at https://www.sesin.at/2022/03/05/cve-2022-23302-brocade_sannav-log4j-snapmanager/ | WolfgangSesin |
2022-03-04 23:31:03 | New post from https://t.co/9KYxtdZjkl (CVE-2022-23302 (brocade_sannav, log4j, snapmanager)) has been published on https://t.co/X8fijYD1lz http://www.sesin.at https://www.sesin.at/2022/03/05/cve-2022-23302-brocade_sannav-log4j-snapmanager/ | www_sesin_at |
2022-03-04 21:52:21 | 🚨 NEW: CVE-2022-23302 🚨 JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data whe… https://t.co/8uhLqajPID https://twitter.com/i/web/status/1499863058797281283 | threatintelctr |
2022-03-03 16:00:11 | For the Log4j Ver.1 line as well, multiple vulnerability reports (CVE-2021-4104, CVE-2022-23302, CVE-2022-23305, CVE-2022-23307) have come out since 2021/12 alone, and there was no choice but to respond… https://t.co/1G73EaxDri https://twitter.com/i/web/status/1499413649269850113 | harugasumi |
2022-02-24 12:50:11 | #log4hell : CVE-2022-23302 JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of… https://t.co/yfjQgq8w5P https://twitter.com/i/web/status/1496828720140722193 | HaboubiAnis |
2022-02-17 18:54:39 | 🚨 NEW: CVE-2022-23302 🚨 JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data whe… https://t.co/qWBdl9CqYE https://twitter.com/i/web/status/1494381943647084550 | threatintelctr |
2022-02-10 09:30:41 | IT Risk: Red Hat.Multiple Vulnerabilities in JBoss Data Virtualization 6.4.8.SP1 -2/2 CVE-2022-23302 CVE-2022-23305 CVE-2022-2330 | management_sun |
2022-02-09 23:11:27 | CVE-2022-23302 https://t.co/y6OVp9t3QU #HarsiaInfo https://har-sia.info/CVE-2022-23302.html | Har_sia |
2022-02-09 09:50:57 | IT Risk: Red Hat.Multiple Vulnerabilities in Single Sign-On 7.4.10 and Single Sign-On 7.5.1 -2/2 CVE-2022-23302 CVE… https://t.co/ClYJjyEZgA https://twitter.com/i/web/status/1491346153421815809 | management_sun |
2022-02-09 09:45:00 | IT Risk: Red Hat.Multiple vulnerabilities in Single Sign-On 7.5.1 -2/2 CVE-2021-3859 CVE-2021-4104 CVE-2022-23302 CVE-2022-23305 CVE-2022-23307 | management_sun |
2022-02-09 09:40:17 | IT Risk: Red Hat.Multiple vulnerabilities in Single Sign-On 7.4.10, Single Sign-On 7.5.1 -2/2 CVE-2022-23302 CVE-2022-23305 CVE-2022-23307 | management_sun |
2022-02-09 09:10:15 | IT Risk: Red Hat.Multiple vulnerabilities in AMQ Streams 1.6.7 -3/2 CVE-2021-4178 CVE-2021-44832 CVE-2022-23302 CVE-2022-23305 CVE-2022-23307 | management_sun |
2022-02-01 07:50:11 | K59563964: Apache Log4j Remote Code Execution vulnerability CVE-2022-23302 https://t.co/zfKyM7sjGI http://www.ccn-cert.cni.es/component/vulnerabilidades/view/33065.html | SombreroBlanc0 |
2022-01-31 21:33:51 | New post from https://t.co/uXvPWJy6tj (K59563964: Apache Log4j Remote Code Execution vulnerability CVE-2022-23302)… https://t.co/tge8QUqAuG http://www.sesin.at https://twitter.com/i/web/status/1488260872468316162 | WolfgangSesin |
2022-01-31 21:33:26 | New post from https://t.co/9KYxtdZR9T (K59563964: Apache Log4j Remote Code Execution vulnerability CVE-2022-23302)… https://t.co/uk75yQY9P4 http://www.sesin.at https://twitter.com/i/web/status/1488260877497532418 | www_sesin_at |
2022-01-28 09:03:25 | 🔴APACHE🔴 Multiple high-severity vulnerabilities in APACHE products: CVE-2022-23305,CVE-2022-23302 More inf… https://t.co/f3bbv6b4qW https://twitter.com/i/web/status/1486986166687748105 | GrupoICA_Ciber |
2022-01-28 03:19:45 | IT Risk: Execute Arbitrary Code/Commands https://t.co/lZZd1BWH7x https://t.co/ZdX40GFeiE CVE-2022-23307 CVE-2022-23305 CVE-2022-23302 https://www.auscert.org.au/bulletins/ESB-2022.0385 https://www.suse.com/support/update/announcement/2022/suse-su-20220212-1 | management_sun |
2022-01-28 03:04:25 | IT Risk: Execute Arbitrary Code/Commands https://t.co/lZZd1BWH7x https://t.co/ZdX40GFeiE CVE-2022-23307 CVE-2022-23305 CVE-2022-23302 https://www.auscert.org.au/bulletins/ESB-2022.0385 https://www.suse.com/support/update/announcement/2022/suse-su-20220212-1 | management_sun |
2022-01-28 02:47:41 | IT Risk: Execute Arbitrary Code/Commands https://t.co/lZZd1BWH7x https://t.co/ZdX40GFeiE CVE-2022-23307 CVE-2022-23305 CVE-2022-23302 https://www.auscert.org.au/bulletins/ESB-2022.0385 https://www.suse.com/support/update/announcement/2022/suse-su-20220212-1 | management_sun |
2022-01-27 18:40:11 | New post from https://t.co/9KYxtdZjkl (CVE-2022-23302 (log4j)) has been published on https://t.co/CPYiOKjMP5 http://www.sesin.at https://www.sesin.at/2022/01/27/cve-2022-23302-log4j/ | www_sesin_at |
2022-01-27 18:40:08 | New post from https://t.co/uXvPWJy6tj (CVE-2022-23302 (log4j)) has been published on https://t.co/Muz9JSuhlP http://www.sesin.at https://www.sesin.at/2022/01/27/cve-2022-23302-log4j/ | WolfgangSesin |
2022-01-27 16:51:05 | 🚨 NEW: CVE-2022-23302 🚨 JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data whe… https://t.co/lFa8CKbMcA https://twitter.com/i/web/status/1486741595647004679 | threatintelctr |
2022-01-27 03:12:58 | IT Risk: Red Hat.Parfait: 0.5 vulnerable -2/2 CVE-2022-23302 CVE-2021-4104 | management_sun |
2022-01-24 11:10:20 | [Caution] Log 4j 1.x versions also have vulnerabilities (CVE-2022-23302, CVE-2022-23305, CVE-2022-23307) temporary measures... etc. https://t.co/y63sw22izm http://naver.me/GG4sSlXD | virusmyths |
2022-01-22 04:29:09 | Excited to have found my first CVE (CVE-2022-23302) researching Log4j 1.x with @MShudrak https://t.co/uyDFzyUOZF https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23302 | _underh1ll |
2022-01-22 04:16:34 | Excited to have found my first CVE (CVE-2022-23302) researching Log4j 1.x with @MShudrak https://t.co/uyDFzyUOZF https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23302 | _underh1ll |
2022-01-22 03:12:12 | Apache Log4j Multiple Security Vulnerability Notifications CVE-2022-23302 CVE-2022-23305 CVE-2022-23307… https://t.co/7JGXDd0HHR https://twitter.com/i/web/status/1484722806692593666 | vaexdanny |
2022-01-20 23:32:45 | CVE-2022-23302: Apache Log4j 1.x remote code execution vulnerability alert - https://t.co/F4uaPF0B6V https://securityonline.info/cve-2022-23302-apache-log4j-1-x-remote-code-execution-vulnerability-alert/ | moton |
2022-01-20 10:12:44 | CVE-2022-23302: Apache Log4j 1.x remote code execution vulnerability alert https://t.co/SE2FBuym1O https://securityonline.info/cve-2022-23302-apache-log4j-1-x-remote-code-execution-vulnerability-alert/ | netalexx |
2022-01-20 07:12:39 | CVE-2022-23302: Apache Log4j 1.x remote code execution vulnerability alert https://t.co/ZWmIP2a0cn https://securityonline.info/cve-2022-23302-apache-log4j-1-x-remote-code-execution-vulnerability-alert/ | Dinosn |
2022-01-20 04:21:51 | CVE-2022-23302: Apache Log4j 1.x remote code execution vulnerability alert https://t.co/ecVT1nvxog #opensource #infosec #security #pentest https://securityonline.info/cve-2022-23302-apache-log4j-1-x-remote-code-execution-vulnerability-alert/ | the_yellow_fall |
2022-01-20 04:21:13 | CVE-2022-23302: Apache Log4j 1.x remote code execution vulnerability alert https://t.co/YthJ4KuzJq https://t.co/Sr0Fw1ZoZZ http://dlvr.it/SHS4vq | AcooEdi |
2022-01-20 02:32:11 | Apache log4j deserialization and SQL injection vulnerabilities (CVE-2022-23302/CVE-2022-23305/CVE-2022-23307) advisory https://t.co/chQUPMd1ay https://t.co/GkdwwukhPb https://ift.tt/3tFfwGX https://ift.tt/3GMEAQe | buaqbot |
2022-01-19 12:04:22 | Apparently CVEs affecting Log4j 1.x, which reached EOL long ago, have been published. CVE-2019-17571 CVE-2020-9488 CVE-2021-4104 CVE-2022-23302 CVE-2022-23305 C… https://t.co/KuxG71GOtv https://twitter.com/i/web/status/1483767009901150208 | yamadamn |
2022-01-18 20:41:05 | CVE-2022-23302 is called Unsettled Bug https://t.co/oyz6z72q0D https://nvd.nist.gov/vuln/detail/CVE-2022-23302 | vulnonym |
2022-01-18 18:12:11 | Log4j - CVE-2022-23302: https://t.co/S8FrDCEBcO https://lists.apache.org/thread/bsr3l5qz4g0myrjhy9h67bcxodpkwj4w | LinInfoSec |
2022-01-18 18:01:47 | New post from https://t.co/uXvPWJy6tj (CVE-2022-23302) has been published on https://t.co/hbAGQIW4yc http://www.sesin.at https://www.sesin.at/2022/01/18/cve-2022-23302/ | WolfgangSesin |
2022-01-18 18:01:38 | New post from https://t.co/9KYxtdZjkl (CVE-2022-23302) has been published on https://t.co/VRRDfAfkrK http://www.sesin.at https://www.sesin.at/2022/01/18/cve-2022-23302/ | www_sesin_at |
2022-01-18 17:02:49 | Potentially Critical CVE Detected! CVE-2022-23302 Description: JMSSink in all versions of Log4j 1.x is vulnerable t… https://t.co/2bSb28SBHH https://twitter.com/i/web/status/1483483444227325960 | Robo_Alerts |
2022-01-18 16:55:22 | 🚨 NEW: CVE-2022-23302 🚨 JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data whe… https://t.co/mMgyF7vKDb https://twitter.com/i/web/status/1483480104059736072 | threatintelctr |
2022-01-18 16:52:53 | CVE-2022-23302 JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the att… https://t.co/k6vTLeoMjA https://twitter.com/i/web/status/1483480591341428740 | CVEnew |
2022-01-18 15:41:08 | CVE-2022-23302 : JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the a… https://t.co/GmdopjEHT4 https://twitter.com/i/web/status/1483463677718192132 | CVEreport |
2022-01-17 22:30:17 | CVE-2022-23302 Apache Log4j 1 Dear Log4j community, While working on the... https://t.co/SOlKcVlX2y Don't wait v… https://t.co/Z8j1HMRHSr http://vulmon.com/vulnerabilitydetails?qid=CVE-2022-23302 https://twitter.com/i/web/status/1483203898160689154 | VulmonFeeds |