OPENSUSE-SU-2022:0214-1
Advisory lineage Upstream: 3 Downstream: 0
Published: 27 Jan 2022, 14:51
Last modified:04 Feb 2026, 03:13
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
27 Jan 2022, 14:51
Published
Vulnerability first disclosed
04 Feb 2026, 03:13
Last Modified
Vulnerability information updated
Description
Security update for log4j This update for log4j fixes the following issues: - CVE-2022-23307: Fixed deserialization flaw in the chainsaw component of log4j leading to malicious code execution. (bsc#1194844) - CVE-2022-23305: Fixed SQL injection when application is configured to use JDBCAppender. (bsc#1194843) - CVE-2022-23302: Fixed remote code execution when application is configured to use JMSSink. (bsc#1194842)
Affected Systems
- opensuse•log4j&distro=openSUSE Leap 15.3
< 1.2.17-5.9.1
References (7)
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/E4IIJDMYKSUHPR6X6ARBPWWQRNNXT4HI/
- https://bugzilla.suse.com/1194842
- https://bugzilla.suse.com/1194843
- https://bugzilla.suse.com/1194844
- https://www.suse.com/security/cve/CVE-2022-23302
- https://www.suse.com/security/cve/CVE-2022-23305
- https://www.suse.com/security/cve/CVE-2022-23307