CVE STALKER

CVE-2022-23302

DESCRIPTION
JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.

HEAT SCORE
136

TWEETS

DATE | TWEETS | USER
2022-04-20 06:23:00 | 🚨 NEW: CVE-2022-23302 🚨 JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data whe… https://t.co/mVdxMJkUFY https://twitter.com/i/web/status/1516661255276490752 | threatintelctr
2022-04-20 04:20:40 | 🚨 NEW: CVE-2022-23302 🚨 JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data whe… https://t.co/W2BiXVnOIF https://twitter.com/i/web/status/1516631053938659330 | threatintelctr
2022-04-20 01:02:19 | 🚨 NEW: CVE-2022-23302 🚨 JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data whe… https://t.co/jksaZMwPYe https://twitter.com/i/web/status/1516578204252790789 | threatintelctr
2022-04-08 16:01:04 | New post from https://t.co/uXvPWJy6tj (CVE-2022-23302 (brocade_sannav, log4j, reload4j, snapmanager)) has been publ… https://t.co/Zom0VWblvC http://www.sesin.at https://twitter.com/i/web/status/1512457815155265543 | WolfgangSesin
2022-04-08 16:00:54 | New post from https://t.co/9KYxtdZjkl (CVE-2022-23302 (brocade_sannav, log4j, reload4j, snapmanager)) has been publ… https://t.co/D8FRWC0ukR http://www.sesin.at https://twitter.com/i/web/status/1512457838869860357 | www_sesin_at
2022-04-08 13:55:28 | 🚨 NEW: CVE-2022-23302 🚨 JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data whe… https://t.co/flD8GlwBGk https://twitter.com/i/web/status/1512425842147840012 | threatintelctr
2022-03-09 22:45:51 | @fpientka @ApacheLog4j Thank you for letting me know. For your information, CVE-2022-23302, CVE-2022-23305, CVE-2… https://t.co/8HdNVtzKh2 https://twitter.com/i/web/status/1501686798514364418 | ceki
2022-03-04 23:33:02 | New post from https://t.co/uXvPWJy6tj (CVE-2022-23302 (brocade_sannav, log4j, snapmanager)) has been published on https://t.co/VB5ifxXlHp http://www.sesin.at https://www.sesin.at/2022/03/05/cve-2022-23302-brocade_sannav-log4j-snapmanager/ | WolfgangSesin
2022-03-04 23:31:03 | New post from https://t.co/9KYxtdZjkl (CVE-2022-23302 (brocade_sannav, log4j, snapmanager)) has been published on https://t.co/X8fijYD1lz http://www.sesin.at https://www.sesin.at/2022/03/05/cve-2022-23302-brocade_sannav-log4j-snapmanager/ | www_sesin_at
2022-03-04 21:52:21 | 🚨 NEW: CVE-2022-23302 🚨 JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data whe… https://t.co/8uhLqajPID https://twitter.com/i/web/status/1499863058797281283 | threatintelctr
2022-03-03 16:00:11 | The Log4j version 1 line has also had multiple vulnerability disclosures (CVE-2021-4104, CVE-2022-23302, CVE-2022-23305, CVE-2022-23307) since December 2021 alone, and we had no choice but to respond… https://t.co/1G73EaxDri https://twitter.com/i/web/status/1499413649269850113 | harugasumi
2022-02-24 12:50:11 | #log4hell : CVE-2022-23302 JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of… https://t.co/yfjQgq8w5P https://twitter.com/i/web/status/1496828720140722193 | HaboubiAnis
2022-02-17 18:54:39 | 🚨 NEW: CVE-2022-23302 🚨 JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data whe… https://t.co/qWBdl9CqYE https://twitter.com/i/web/status/1494381943647084550 | threatintelctr
2022-02-10 09:30:41 | IT Risk: Red Hat.Multiple Vulnerabilities in JBoss Data Virtualization 6.4.8.SP1 -2/2 CVE-2022-23302 CVE-2022-23305 CVE-2022-2330 | management_sun
2022-02-09 23:11:27 | CVE-2022-23302 https://t.co/y6OVp9t3QU #HarsiaInfo https://har-sia.info/CVE-2022-23302.html | Har_sia
2022-02-09 09:50:57 | IT Risk: Red Hat.Multiple Vulnerabilities in Single Sign-On 7.4.10 and Single Sign-On 7.5.1 -2/2 CVE-2022-23302 CVE… https://t.co/ClYJjyEZgA https://twitter.com/i/web/status/1491346153421815809 | management_sun
2022-02-09 09:45:00 | IT Risk: Red Hat.Multiple vulnerabilities in Single Sign-On 7.5.1 -2/2 CVE-2021-3859 CVE-2021-4104 CVE-2022-23302 CVE-2022-23305 CVE-2022-23307 | management_sun
2022-02-09 09:40:17 | IT Risk: Red Hat.Multiple vulnerabilities in Single Sign-On 7.4.10, Single Sign-On 7.5.1 -2/2 CVE-2022-23302 CVE-2022-23305 CVE-2022-23307 | management_sun
2022-02-09 09:10:15 | IT Risk: Red Hat.Multiple vulnerabilities in AMQ Streams 1.6.7 -3/2 CVE-2021-4178 CVE-2021-44832 CVE-2022-23302 CVE-2022-23305 CVE-2022-23307 | management_sun
2022-02-01 07:50:11 | K59563964: Apache Log4j Remote Code Execution vulnerability CVE-2022-23302 https://t.co/zfKyM7sjGI http://www.ccn-cert.cni.es/component/vulnerabilidades/view/33065.html | SombreroBlanc0
2022-01-31 21:33:51 | New post from https://t.co/uXvPWJy6tj (K59563964: Apache Log4j Remote Code Execution vulnerability CVE-2022-23302)… https://t.co/tge8QUqAuG http://www.sesin.at https://twitter.com/i/web/status/1488260872468316162 | WolfgangSesin
2022-01-31 21:33:26 | New post from https://t.co/9KYxtdZR9T (K59563964: Apache Log4j Remote Code Execution vulnerability CVE-2022-23302)… https://t.co/uk75yQY9P4 http://www.sesin.at https://twitter.com/i/web/status/1488260877497532418 | www_sesin_at
2022-01-28 09:03:25 | 🔴APACHE🔴 Multiple high-severity vulnerabilities in APACHE products: CVE-2022-23305,CVE-2022-23302 More inf… https://t.co/f3bbv6b4qW https://twitter.com/i/web/status/1486986166687748105 | GrupoICA_Ciber
2022-01-28 03:19:45 | IT Risk: Execute Arbitrary Code/Commands https://t.co/lZZd1BWH7x https://t.co/ZdX40GFeiE CVE-2022-23307 CVE-2022-23305 CVE-2022-23302 https://www.auscert.org.au/bulletins/ESB-2022.0385 https://www.suse.com/support/update/announcement/2022/suse-su-20220212-1 | management_sun
2022-01-28 03:04:25 | IT Risk: Execute Arbitrary Code/Commands https://t.co/lZZd1BWH7x https://t.co/ZdX40GFeiE CVE-2022-23307 CVE-2022-23305 CVE-2022-23302 https://www.auscert.org.au/bulletins/ESB-2022.0385 https://www.suse.com/support/update/announcement/2022/suse-su-20220212-1 | management_sun
2022-01-28 02:47:41 | IT Risk: Execute Arbitrary Code/Commands https://t.co/lZZd1BWH7x https://t.co/ZdX40GFeiE CVE-2022-23307 CVE-2022-23305 CVE-2022-23302 https://www.auscert.org.au/bulletins/ESB-2022.0385 https://www.suse.com/support/update/announcement/2022/suse-su-20220212-1 | management_sun
2022-01-27 18:40:11 | New post from https://t.co/9KYxtdZjkl (CVE-2022-23302 (log4j)) has been published on https://t.co/CPYiOKjMP5 http://www.sesin.at https://www.sesin.at/2022/01/27/cve-2022-23302-log4j/ | www_sesin_at
2022-01-27 18:40:08 | New post from https://t.co/uXvPWJy6tj (CVE-2022-23302 (log4j)) has been published on https://t.co/Muz9JSuhlP http://www.sesin.at https://www.sesin.at/2022/01/27/cve-2022-23302-log4j/ | WolfgangSesin
2022-01-27 16:51:05 | 🚨 NEW: CVE-2022-23302 🚨 JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data whe… https://t.co/lFa8CKbMcA https://twitter.com/i/web/status/1486741595647004679 | threatintelctr
2022-01-27 03:12:58 | IT Risk: Red Hat.Parfait: 0.5 vulnerable -2/2 CVE-2022-23302 CVE-2021-4104 | management_sun
2022-01-24 11:10:20 | [Caution] Log 4j 1.x versions are also vulnerable (CVE-2022-23302, CVE-2022-23305, CVE-2022-23307) temporary mitigations... etc. https://t.co/y63sw22izm http://naver.me/GG4sSlXD | virusmyths
2022-01-22 04:29:09 | Excited to have found my first CVE (CVE-2022-23302) researching Log4j 1.x with @MShudrak https://t.co/uyDFzyUOZF https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23302 | _underh1ll
2022-01-22 04:16:34 | Excited to have found my first CVE (CVE-2022-23302) researching Log4j 1.x with @MShudrak https://t.co/uyDFzyUOZF https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23302 | _underh1ll
2022-01-22 03:12:12 | Apache Log4j Multiple Security Vulnerability Notifications CVE-2022-23302 CVE-2022-23305 CVE-2022-23307… https://t.co/7JGXDd0HHR https://twitter.com/i/web/status/1484722806692593666 | vaexdanny
2022-01-20 23:32:45 | CVE-2022-23302: Apache Log4j 1.x remote code execution vulnerability alert - https://t.co/F4uaPF0B6V https://securityonline.info/cve-2022-23302-apache-log4j-1-x-remote-code-execution-vulnerability-alert/ | moton
2022-01-20 10:12:44 | CVE-2022-23302: Apache Log4j 1.x remote code execution vulnerability alert https://t.co/SE2FBuym1O https://securityonline.info/cve-2022-23302-apache-log4j-1-x-remote-code-execution-vulnerability-alert/ | netalexx
2022-01-20 07:12:39 | CVE-2022-23302: Apache Log4j 1.x remote code execution vulnerability alert https://t.co/ZWmIP2a0cn https://securityonline.info/cve-2022-23302-apache-log4j-1-x-remote-code-execution-vulnerability-alert/ | Dinosn
2022-01-20 04:21:51 | CVE-2022-23302: Apache Log4j 1.x remote code execution vulnerability alert https://t.co/ecVT1nvxog #opensource #infosec #security #pentest https://securityonline.info/cve-2022-23302-apache-log4j-1-x-remote-code-execution-vulnerability-alert/ | the_yellow_fall
2022-01-20 04:21:13 | CVE-2022-23302: Apache Log4j 1.x remote code execution vulnerability alert https://t.co/YthJ4KuzJq https://t.co/Sr0Fw1ZoZZ http://dlvr.it/SHS4vq | AcooEdi
2022-01-20 02:32:11 | Advisory on Apache log4j deserialization and SQL injection vulnerabilities (CVE-2022-23302/CVE-2022-23305/CVE-2022-23307) https://t.co/chQUPMd1ay https://t.co/GkdwwukhPb https://ift.tt/3tFfwGX https://ift.tt/3GMEAQe | buaqbot
2022-01-19 12:04:22 | CVEs affecting Log4j 1.x, which reached EOL long ago, have reportedly been published. CVE-2019-17571 CVE-2020-9488 CVE-2021-4104 CVE-2022-23302 CVE-2022-23305 C… https://t.co/KuxG71GOtv https://twitter.com/i/web/status/1483767009901150208 | yamadamn
2022-01-18 20:41:05 | CVE-2022-23302 is called Unsettled Bug https://t.co/oyz6z72q0D https://nvd.nist.gov/vuln/detail/CVE-2022-23302 | vulnonym
2022-01-18 18:12:11 | Log4j - CVE-2022-23302: https://t.co/S8FrDCEBcO https://lists.apache.org/thread/bsr3l5qz4g0myrjhy9h67bcxodpkwj4w | LinInfoSec
2022-01-18 18:01:47 | New post from https://t.co/uXvPWJy6tj (CVE-2022-23302) has been published on https://t.co/hbAGQIW4yc http://www.sesin.at https://www.sesin.at/2022/01/18/cve-2022-23302/ | WolfgangSesin
2022-01-18 18:01:38 | New post from https://t.co/9KYxtdZjkl (CVE-2022-23302) has been published on https://t.co/VRRDfAfkrK http://www.sesin.at https://www.sesin.at/2022/01/18/cve-2022-23302/ | www_sesin_at
2022-01-18 17:02:49 | Potentially Critical CVE Detected! CVE-2022-23302 Description: JMSSink in all versions of Log4j 1.x is vulnerable t… https://t.co/2bSb28SBHH https://twitter.com/i/web/status/1483483444227325960 | Robo_Alerts
2022-01-18 16:55:22 | 🚨 NEW: CVE-2022-23302 🚨 JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data whe… https://t.co/mMgyF7vKDb https://twitter.com/i/web/status/1483480104059736072 | threatintelctr
2022-01-18 16:52:53 | CVE-2022-23302 JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the att… https://t.co/k6vTLeoMjA https://twitter.com/i/web/status/1483480591341428740 | CVEnew
2022-01-18 15:41:08 | CVE-2022-23302 : JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the a… https://t.co/GmdopjEHT4 https://twitter.com/i/web/status/1483463677718192132 | CVEreport
2022-01-17 22:30:17 | CVE-2022-23302 Apache Log4j 1 Dear Log4j community, While working on the... https://t.co/SOlKcVlX2y Don't wait v… https://t.co/Z8j1HMRHSr http://vulmon.com/vulnerabilitydetails?qid=CVE-2022-23302 https://twitter.com/i/web/status/1483203898160689154 | VulmonFeeds