Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:rpm/redhat/jboss-as-weld@7.5.24-2.Final_redhat_00001.1.ep6?arch=el6
Typerpm
Namespaceredhat
Namejboss-as-weld
Version7.5.24-2.Final_redhat_00001.1.ep6
Qualifiers
arch el6
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-1vfk-arae-ubha
vulnerability_id VCID-1vfk-arae-ubha
summary 
Deserialization of Untrusted Data in Log4j 1.x
JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23302.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23302.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-23302
reference_id
reference_type
scores
0
value 0.00647
scoring_system epss
scoring_elements 0.70817
published_at 2026-04-18T12:55:00Z
1
value 0.00647
scoring_system epss
scoring_elements 0.70758
published_at 2026-04-08T12:55:00Z
2
value 0.00647
scoring_system epss
scoring_elements 0.7081
published_at 2026-04-16T12:55:00Z
3
value 0.00647
scoring_system epss
scoring_elements 0.70765
published_at 2026-04-13T12:55:00Z
4
value 0.00647
scoring_system epss
scoring_elements 0.7078
published_at 2026-04-12T12:55:00Z
5
value 0.00647
scoring_system epss
scoring_elements 0.70796
published_at 2026-04-11T12:55:00Z
6
value 0.00647
scoring_system epss
scoring_elements 0.70774
published_at 2026-04-09T12:55:00Z
7
value 0.00647
scoring_system epss
scoring_elements 0.70718
published_at 2026-04-02T12:55:00Z
8
value 0.00647
scoring_system epss
scoring_elements 0.70737
published_at 2026-04-04T12:55:00Z
9
value 0.00647
scoring_system epss
scoring_elements 0.70713
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-23302
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23302
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23302
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/apache/logging-log4j1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/logging-log4j1
5
reference_url https://lists.apache.org/thread/bsr3l5qz4g0myrjhy9h67bcxodpkwj4w
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/bsr3l5qz4g0myrjhy9h67bcxodpkwj4w
6
reference_url https://logging.apache.org/log4j/1.2/index.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://logging.apache.org/log4j/1.2/index.html
7
reference_url https://security.netapp.com/advisory/ntap-20220217-0006
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220217-0006
8
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
9
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
10
reference_url http://www.openwall.com/lists/oss-security/2022/01/18/3
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/01/18/3
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004482
reference_id 1004482
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004482
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2041949
reference_id 2041949
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2041949
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-23302
reference_id CVE-2022-23302
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-23302
14
reference_url https://www.vicarius.io/vsociety/posts/cve-2022-23302-detect-log4j-1217-vulnerability
reference_id CVE-2022-23302-DETECT-LOG4J-1217-VULNERABILITY
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.vicarius.io/vsociety/posts/cve-2022-23302-detect-log4j-1217-vulnerability
15
reference_url https://www.vicarius.io/vsociety/posts/cve-2022-23302-mitigate-log4j-1217-vulnerability
reference_id CVE-2022-23302-MITIGATE-LOG4J-1217-VULNERABILITY
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.vicarius.io/vsociety/posts/cve-2022-23302-mitigate-log4j-1217-vulnerability
16
reference_url https://github.com/advisories/GHSA-w9p3-5cr8-m3jj
reference_id GHSA-w9p3-5cr8-m3jj
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w9p3-5cr8-m3jj
17
reference_url https://security.gentoo.org/glsa/202402-16
reference_id GLSA-202402-16
reference_type
scores
url https://security.gentoo.org/glsa/202402-16
18
reference_url https://access.redhat.com/errata/RHSA-2022:0289
reference_id RHSA-2022:0289
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0289
19
reference_url https://access.redhat.com/errata/RHSA-2022:0290
reference_id RHSA-2022:0290
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0290
20
reference_url https://access.redhat.com/errata/RHSA-2022:0291
reference_id RHSA-2022:0291
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0291
21
reference_url https://access.redhat.com/errata/RHSA-2022:0294
reference_id RHSA-2022:0294
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0294
22
reference_url https://access.redhat.com/errata/RHSA-2022:0430
reference_id RHSA-2022:0430
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0430
23
reference_url https://access.redhat.com/errata/RHSA-2022:0435
reference_id RHSA-2022:0435
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0435
24
reference_url https://access.redhat.com/errata/RHSA-2022:0436
reference_id RHSA-2022:0436
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0436
25
reference_url https://access.redhat.com/errata/RHSA-2022:0437
reference_id RHSA-2022:0437
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0437
26
reference_url https://access.redhat.com/errata/RHSA-2022:0438
reference_id RHSA-2022:0438
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0438
27
reference_url https://access.redhat.com/errata/RHSA-2022:0439
reference_id RHSA-2022:0439
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0439
28
reference_url https://access.redhat.com/errata/RHSA-2022:0442
reference_id RHSA-2022:0442
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0442
29
reference_url https://access.redhat.com/errata/RHSA-2022:0444
reference_id RHSA-2022:0444
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0444
30
reference_url https://access.redhat.com/errata/RHSA-2022:0445
reference_id RHSA-2022:0445
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0445
31
reference_url https://access.redhat.com/errata/RHSA-2022:0446
reference_id RHSA-2022:0446
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0446
32
reference_url https://access.redhat.com/errata/RHSA-2022:0447
reference_id RHSA-2022:0447
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0447
33
reference_url https://access.redhat.com/errata/RHSA-2022:0448
reference_id RHSA-2022:0448
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0448
34
reference_url https://access.redhat.com/errata/RHSA-2022:0449
reference_id RHSA-2022:0449
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0449
35
reference_url https://access.redhat.com/errata/RHSA-2022:0450
reference_id RHSA-2022:0450
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0450
36
reference_url https://access.redhat.com/errata/RHSA-2022:0467
reference_id RHSA-2022:0467
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0467
37
reference_url https://access.redhat.com/errata/RHSA-2022:0469
reference_id RHSA-2022:0469
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0469
38
reference_url https://access.redhat.com/errata/RHSA-2022:0475
reference_id RHSA-2022:0475
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0475
39
reference_url https://access.redhat.com/errata/RHSA-2022:0497
reference_id RHSA-2022:0497
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0497
40
reference_url https://access.redhat.com/errata/RHSA-2022:0507
reference_id RHSA-2022:0507
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0507
41
reference_url https://access.redhat.com/errata/RHSA-2022:0524
reference_id RHSA-2022:0524
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0524
42
reference_url https://access.redhat.com/errata/RHSA-2022:0527
reference_id RHSA-2022:0527
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0527
43
reference_url https://access.redhat.com/errata/RHSA-2022:0553
reference_id RHSA-2022:0553
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0553
44
reference_url https://access.redhat.com/errata/RHSA-2022:0661
reference_id RHSA-2022:0661
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0661
45
reference_url https://access.redhat.com/errata/RHSA-2022:1296
reference_id RHSA-2022:1296
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1296
46
reference_url https://access.redhat.com/errata/RHSA-2022:1297
reference_id RHSA-2022:1297
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1297
47
reference_url https://access.redhat.com/errata/RHSA-2022:1299
reference_id RHSA-2022:1299
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1299
48
reference_url https://access.redhat.com/errata/RHSA-2022:5458
reference_id RHSA-2022:5458
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5458
49
reference_url https://access.redhat.com/errata/RHSA-2022:5459
reference_id RHSA-2022:5459
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5459
50
reference_url https://access.redhat.com/errata/RHSA-2022:5460
reference_id RHSA-2022:5460
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5460
51
reference_url https://access.redhat.com/errata/RHSA-2024:5856
reference_id RHSA-2024:5856
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5856
52
reference_url https://usn.ubuntu.com/5998-1/
reference_id USN-5998-1
reference_type
scores
url https://usn.ubuntu.com/5998-1/
53
reference_url https://usn.ubuntu.com/7590-1/
reference_id USN-7590-1
reference_type
scores
url https://usn.ubuntu.com/7590-1/
fixed_packages
aliases CVE-2022-23302, GHSA-w9p3-5cr8-m3jj
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1vfk-arae-ubha
1
url VCID-698m-2hju-2qcv
vulnerability_id VCID-698m-2hju-2qcv
summary 
Deserialization of Untrusted Data
JMSAppender in Log4j is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide `TopicBindingName` and `TopicConnectionFactoryBindingName` configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j when specifically configured to use JMSAppender, which is not the default. Apache Log4j reached end of life in August Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4104.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4104.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-4104
reference_id
reference_type
scores
0
value 0.69284
scoring_system epss
scoring_elements 0.98648
published_at 2026-04-13T12:55:00Z
1
value 0.69284
scoring_system epss
scoring_elements 0.98647
published_at 2026-04-12T12:55:00Z
2
value 0.69284
scoring_system epss
scoring_elements 0.98646
published_at 2026-04-11T12:55:00Z
3
value 0.69284
scoring_system epss
scoring_elements 0.98644
published_at 2026-04-09T12:55:00Z
4
value 0.69284
scoring_system epss
scoring_elements 0.98643
published_at 2026-04-08T12:55:00Z
5
value 0.69284
scoring_system epss
scoring_elements 0.98653
published_at 2026-04-18T12:55:00Z
6
value 0.69284
scoring_system epss
scoring_elements 0.98651
published_at 2026-04-16T12:55:00Z
7
value 0.69284
scoring_system epss
scoring_elements 0.98639
published_at 2026-04-04T12:55:00Z
8
value 0.69284
scoring_system epss
scoring_elements 0.98635
published_at 2026-04-02T12:55:00Z
9
value 0.69284
scoring_system epss
scoring_elements 0.98633
published_at 2026-04-01T12:55:00Z
10
value 0.69284
scoring_system epss
scoring_elements 0.98641
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-4104
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4104
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4104
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/apache/logging-log4j2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/logging-log4j2
5
reference_url https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126
6
reference_url https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0033
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0033
7
reference_url https://security.gentoo.org/glsa/202209-02
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202209-02
8
reference_url https://security.gentoo.org/glsa/202310-16
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202310-16
9
reference_url https://security.gentoo.org/glsa/202312-04
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202312-04
10
reference_url https://security.netapp.com/advisory/ntap-20211223-0007
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20211223-0007
11
reference_url https://security.netapp.com/advisory/ntap-20211223-0007/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20211223-0007/
12
reference_url https://www.cve.org/CVERecord?id=CVE-2021-44228
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.cve.org/CVERecord?id=CVE-2021-44228
13
reference_url https://www.kb.cert.org/vuls/id/930724
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.kb.cert.org/vuls/id/930724
14
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
15
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
16
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
17
reference_url http://www.openwall.com/lists/oss-security/2022/01/18/3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/01/18/3
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2031667
reference_id 2031667
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2031667
19
reference_url https://access.redhat.com/security/cve/CVE-2021-4104
reference_id CVE-2021-4104
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2021-4104
20
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-4104
reference_id CVE-2021-4104
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-4104
21
reference_url https://github.com/advisories/GHSA-fp5r-v3w9-4333
reference_id GHSA-fp5r-v3w9-4333
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fp5r-v3w9-4333
22
reference_url https://security.gentoo.org/glsa/202312-02
reference_id GLSA-202312-02
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202312-02
23
reference_url https://access.redhat.com/errata/RHSA-2021:5107
reference_id RHSA-2021:5107
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5107
24
reference_url https://access.redhat.com/errata/RHSA-2021:5141
reference_id RHSA-2021:5141
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5141
25
reference_url https://access.redhat.com/errata/RHSA-2021:5148
reference_id RHSA-2021:5148
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5148
26
reference_url https://access.redhat.com/errata/RHSA-2021:5183
reference_id RHSA-2021:5183
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5183
27
reference_url https://access.redhat.com/errata/RHSA-2021:5184
reference_id RHSA-2021:5184
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5184
28
reference_url https://access.redhat.com/errata/RHSA-2021:5186
reference_id RHSA-2021:5186
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5186
29
reference_url https://access.redhat.com/errata/RHSA-2021:5206
reference_id RHSA-2021:5206
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5206
30
reference_url https://access.redhat.com/errata/RHSA-2021:5269
reference_id RHSA-2021:5269
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5269
31
reference_url https://access.redhat.com/errata/RHSA-2022:0289
reference_id RHSA-2022:0289
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0289
32
reference_url https://access.redhat.com/errata/RHSA-2022:0290
reference_id RHSA-2022:0290
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0290
33
reference_url https://access.redhat.com/errata/RHSA-2022:0291
reference_id RHSA-2022:0291
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0291
34
reference_url https://access.redhat.com/errata/RHSA-2022:0294
reference_id RHSA-2022:0294
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0294
35
reference_url https://access.redhat.com/errata/RHSA-2022:0430
reference_id RHSA-2022:0430
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0430
36
reference_url https://access.redhat.com/errata/RHSA-2022:0435
reference_id RHSA-2022:0435
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0435
37
reference_url https://access.redhat.com/errata/RHSA-2022:0436
reference_id RHSA-2022:0436
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0436
38
reference_url https://access.redhat.com/errata/RHSA-2022:0437
reference_id RHSA-2022:0437
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0437
39
reference_url https://access.redhat.com/errata/RHSA-2022:0438
reference_id RHSA-2022:0438
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0438
40
reference_url https://access.redhat.com/errata/RHSA-2022:0444
reference_id RHSA-2022:0444
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0444
41
reference_url https://access.redhat.com/errata/RHSA-2022:0445
reference_id RHSA-2022:0445
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0445
42
reference_url https://access.redhat.com/errata/RHSA-2022:0446
reference_id RHSA-2022:0446
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0446
43
reference_url https://access.redhat.com/errata/RHSA-2022:0447
reference_id RHSA-2022:0447
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0447
44
reference_url https://access.redhat.com/errata/RHSA-2022:0448
reference_id RHSA-2022:0448
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0448
45
reference_url https://access.redhat.com/errata/RHSA-2022:0449
reference_id RHSA-2022:0449
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0449
46
reference_url https://access.redhat.com/errata/RHSA-2022:0450
reference_id RHSA-2022:0450
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0450
47
reference_url https://access.redhat.com/errata/RHSA-2022:0475
reference_id RHSA-2022:0475
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0475
48
reference_url https://access.redhat.com/errata/RHSA-2022:0497
reference_id RHSA-2022:0497
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0497
49
reference_url https://access.redhat.com/errata/RHSA-2022:0507
reference_id RHSA-2022:0507
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0507
50
reference_url https://access.redhat.com/errata/RHSA-2022:0524
reference_id RHSA-2022:0524
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0524
51
reference_url https://access.redhat.com/errata/RHSA-2022:0527
reference_id RHSA-2022:0527
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0527
52
reference_url https://access.redhat.com/errata/RHSA-2022:0553
reference_id RHSA-2022:0553
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0553
53
reference_url https://access.redhat.com/errata/RHSA-2022:0661
reference_id RHSA-2022:0661
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0661
54
reference_url https://access.redhat.com/errata/RHSA-2022:1296
reference_id RHSA-2022:1296
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1296
55
reference_url https://access.redhat.com/errata/RHSA-2022:1297
reference_id RHSA-2022:1297
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1297
56
reference_url https://access.redhat.com/errata/RHSA-2022:1299
reference_id RHSA-2022:1299
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1299
57
reference_url https://access.redhat.com/errata/RHSA-2022:5458
reference_id RHSA-2022:5458
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5458
58
reference_url https://access.redhat.com/errata/RHSA-2022:5459
reference_id RHSA-2022:5459
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5459
59
reference_url https://access.redhat.com/errata/RHSA-2022:5460
reference_id RHSA-2022:5460
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5460
60
reference_url https://access.redhat.com/errata/RHSA-2024:5856
reference_id RHSA-2024:5856
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5856
61
reference_url https://usn.ubuntu.com/5223-1/
reference_id USN-5223-1
reference_type
scores
url https://usn.ubuntu.com/5223-1/
62
reference_url https://usn.ubuntu.com/USN-5223-2/
reference_id USN-USN-5223-2
reference_type
scores
url https://usn.ubuntu.com/USN-5223-2/
fixed_packages
aliases CVE-2021-4104, GHSA-fp5r-v3w9-4333
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-698m-2hju-2qcv
2
url VCID-9k99-jzq8-fyge
vulnerability_id VCID-9k99-jzq8-fyge
summary 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
By design, the JDBCAppender in Log4j accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue only affects Log4j when specifically configured to use the JDBCAppender, which is not the default. Beginning, the JDBCAppender was re-introduced with proper support for parameterized SQL queries and further customization over the columns written to in logs. Apache Log4j reached end of life in August Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23305.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23305.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-23305
reference_id
reference_type
scores
0
value 0.07951
scoring_system epss
scoring_elements 0.92074
published_at 2026-04-18T12:55:00Z
1
value 0.07951
scoring_system epss
scoring_elements 0.92077
published_at 2026-04-16T12:55:00Z
2
value 0.07951
scoring_system epss
scoring_elements 0.92069
published_at 2026-04-12T12:55:00Z
3
value 0.07951
scoring_system epss
scoring_elements 0.92045
published_at 2026-04-04T12:55:00Z
4
value 0.07951
scoring_system epss
scoring_elements 0.92065
published_at 2026-04-13T12:55:00Z
5
value 0.07951
scoring_system epss
scoring_elements 0.92062
published_at 2026-04-08T12:55:00Z
6
value 0.07951
scoring_system epss
scoring_elements 0.9205
published_at 2026-04-07T12:55:00Z
7
value 0.07951
scoring_system epss
scoring_elements 0.92037
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-23305
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23305
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23305
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/apache/logging-log4j1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/logging-log4j1
5
reference_url https://lists.apache.org/thread/pt6lh3pbsvxqlwlp4c5l798dv2hkc85y
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/pt6lh3pbsvxqlwlp4c5l798dv2hkc85y
6
reference_url https://logging.apache.org/log4j/1.2/index.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://logging.apache.org/log4j/1.2/index.html
7
reference_url https://security.netapp.com/advisory/ntap-20220217-0007
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220217-0007
8
reference_url https://security.netapp.com/advisory/ntap-20220217-0007/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220217-0007/
9
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
10
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
11
reference_url http://www.openwall.com/lists/oss-security/2022/01/18/4
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/01/18/4
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004482
reference_id 1004482
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004482
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2041959
reference_id 2041959
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2041959
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-23305
reference_id CVE-2022-23305
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-23305
15
reference_url https://github.com/advisories/GHSA-65fg-84f6-3jq3
reference_id GHSA-65fg-84f6-3jq3
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-65fg-84f6-3jq3
16
reference_url https://security.gentoo.org/glsa/202402-16
reference_id GLSA-202402-16
reference_type
scores
url https://security.gentoo.org/glsa/202402-16
17
reference_url https://access.redhat.com/errata/RHSA-2022:0289
reference_id RHSA-2022:0289
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0289
18
reference_url https://access.redhat.com/errata/RHSA-2022:0290
reference_id RHSA-2022:0290
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0290
19
reference_url https://access.redhat.com/errata/RHSA-2022:0291
reference_id RHSA-2022:0291
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0291
20
reference_url https://access.redhat.com/errata/RHSA-2022:0294
reference_id RHSA-2022:0294
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0294
21
reference_url https://access.redhat.com/errata/RHSA-2022:0430
reference_id RHSA-2022:0430
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0430
22
reference_url https://access.redhat.com/errata/RHSA-2022:0435
reference_id RHSA-2022:0435
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0435
23
reference_url https://access.redhat.com/errata/RHSA-2022:0436
reference_id RHSA-2022:0436
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0436
24
reference_url https://access.redhat.com/errata/RHSA-2022:0437
reference_id RHSA-2022:0437
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0437
25
reference_url https://access.redhat.com/errata/RHSA-2022:0438
reference_id RHSA-2022:0438
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0438
26
reference_url https://access.redhat.com/errata/RHSA-2022:0439
reference_id RHSA-2022:0439
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0439
27
reference_url https://access.redhat.com/errata/RHSA-2022:0442
reference_id RHSA-2022:0442
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0442
28
reference_url https://access.redhat.com/errata/RHSA-2022:0444
reference_id RHSA-2022:0444
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0444
29
reference_url https://access.redhat.com/errata/RHSA-2022:0445
reference_id RHSA-2022:0445
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0445
30
reference_url https://access.redhat.com/errata/RHSA-2022:0446
reference_id RHSA-2022:0446
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0446
31
reference_url https://access.redhat.com/errata/RHSA-2022:0447
reference_id RHSA-2022:0447
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0447
32
reference_url https://access.redhat.com/errata/RHSA-2022:0448
reference_id RHSA-2022:0448
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0448
33
reference_url https://access.redhat.com/errata/RHSA-2022:0449
reference_id RHSA-2022:0449
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0449
34
reference_url https://access.redhat.com/errata/RHSA-2022:0450
reference_id RHSA-2022:0450
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0450
35
reference_url https://access.redhat.com/errata/RHSA-2022:0467
reference_id RHSA-2022:0467
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0467
36
reference_url https://access.redhat.com/errata/RHSA-2022:0469
reference_id RHSA-2022:0469
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0469
37
reference_url https://access.redhat.com/errata/RHSA-2022:0475
reference_id RHSA-2022:0475
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0475
38
reference_url https://access.redhat.com/errata/RHSA-2022:0497
reference_id RHSA-2022:0497
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0497
39
reference_url https://access.redhat.com/errata/RHSA-2022:0507
reference_id RHSA-2022:0507
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0507
40
reference_url https://access.redhat.com/errata/RHSA-2022:0524
reference_id RHSA-2022:0524
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0524
41
reference_url https://access.redhat.com/errata/RHSA-2022:0527
reference_id RHSA-2022:0527
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0527
42
reference_url https://access.redhat.com/errata/RHSA-2022:0553
reference_id RHSA-2022:0553
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0553
43
reference_url https://access.redhat.com/errata/RHSA-2022:0661
reference_id RHSA-2022:0661
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0661
44
reference_url https://access.redhat.com/errata/RHSA-2022:1296
reference_id RHSA-2022:1296
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1296
45
reference_url https://access.redhat.com/errata/RHSA-2022:1297
reference_id RHSA-2022:1297
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1297
46
reference_url https://access.redhat.com/errata/RHSA-2022:1299
reference_id RHSA-2022:1299
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1299
47
reference_url https://access.redhat.com/errata/RHSA-2022:5458
reference_id RHSA-2022:5458
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5458
48
reference_url https://access.redhat.com/errata/RHSA-2022:5459
reference_id RHSA-2022:5459
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5459
49
reference_url https://access.redhat.com/errata/RHSA-2022:5460
reference_id RHSA-2022:5460
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5460
50
reference_url https://access.redhat.com/errata/RHSA-2024:5856
reference_id RHSA-2024:5856
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5856
51
reference_url https://usn.ubuntu.com/5998-1/
reference_id USN-5998-1
reference_type
scores
url https://usn.ubuntu.com/5998-1/
52
reference_url https://usn.ubuntu.com/7590-1/
reference_id USN-7590-1
reference_type
scores
url https://usn.ubuntu.com/7590-1/
fixed_packages
aliases CVE-2022-23305, GHSA-65fg-84f6-3jq3
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9k99-jzq8-fyge
3
url VCID-bbq3-tx7c-yucn
vulnerability_id VCID-bbq3-tx7c-yucn
summary This advisory has been marked as False Positive and removed.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23307.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23307.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-23307
reference_id
reference_type
scores
0
value 0.02155
scoring_system epss
scoring_elements 0.84288
published_at 2026-04-18T12:55:00Z
1
value 0.02155
scoring_system epss
scoring_elements 0.84287
published_at 2026-04-16T12:55:00Z
2
value 0.02155
scoring_system epss
scoring_elements 0.84265
published_at 2026-04-13T12:55:00Z
3
value 0.02155
scoring_system epss
scoring_elements 0.84268
published_at 2026-04-12T12:55:00Z
4
value 0.02155
scoring_system epss
scoring_elements 0.84273
published_at 2026-04-11T12:55:00Z
5
value 0.02155
scoring_system epss
scoring_elements 0.84256
published_at 2026-04-09T12:55:00Z
6
value 0.02155
scoring_system epss
scoring_elements 0.84249
published_at 2026-04-08T12:55:00Z
7
value 0.02155
scoring_system epss
scoring_elements 0.84227
published_at 2026-04-07T12:55:00Z
8
value 0.02155
scoring_system epss
scoring_elements 0.84226
published_at 2026-04-04T12:55:00Z
9
value 0.02155
scoring_system epss
scoring_elements 0.84208
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-23307
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23307
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23307
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://lists.apache.org/thread/rg4yyc89vs3dw6kpy3r92xop9loywyhh
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/rg4yyc89vs3dw6kpy3r92xop9loywyhh
5
reference_url https://logging.apache.org/log4j/1.2/index.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://logging.apache.org/log4j/1.2/index.html
6
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
7
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004482
reference_id 1004482
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004482
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2041967
reference_id 2041967
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2041967
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-23307
reference_id CVE-2022-23307
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-23307
11
reference_url https://github.com/advisories/GHSA-f7vh-qwp3-x37m
reference_id GHSA-f7vh-qwp3-x37m
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f7vh-qwp3-x37m
12
reference_url https://access.redhat.com/errata/RHSA-2022:0289
reference_id RHSA-2022:0289
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0289
13
reference_url https://access.redhat.com/errata/RHSA-2022:0290
reference_id RHSA-2022:0290
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0290
14
reference_url https://access.redhat.com/errata/RHSA-2022:0291
reference_id RHSA-2022:0291
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0291
15
reference_url https://access.redhat.com/errata/RHSA-2022:0294
reference_id RHSA-2022:0294
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0294
16
reference_url https://access.redhat.com/errata/RHSA-2022:0430
reference_id RHSA-2022:0430
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0430
17
reference_url https://access.redhat.com/errata/RHSA-2022:0435
reference_id RHSA-2022:0435
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0435
18
reference_url https://access.redhat.com/errata/RHSA-2022:0436
reference_id RHSA-2022:0436
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0436
19
reference_url https://access.redhat.com/errata/RHSA-2022:0437
reference_id RHSA-2022:0437
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0437
20
reference_url https://access.redhat.com/errata/RHSA-2022:0438
reference_id RHSA-2022:0438
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0438
21
reference_url https://access.redhat.com/errata/RHSA-2022:0439
reference_id RHSA-2022:0439
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0439
22
reference_url https://access.redhat.com/errata/RHSA-2022:0442
reference_id RHSA-2022:0442
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0442
23
reference_url https://access.redhat.com/errata/RHSA-2022:0444
reference_id RHSA-2022:0444
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0444
24
reference_url https://access.redhat.com/errata/RHSA-2022:0445
reference_id RHSA-2022:0445
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0445
25
reference_url https://access.redhat.com/errata/RHSA-2022:0446
reference_id RHSA-2022:0446
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0446
26
reference_url https://access.redhat.com/errata/RHSA-2022:0447
reference_id RHSA-2022:0447
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0447
27
reference_url https://access.redhat.com/errata/RHSA-2022:0448
reference_id RHSA-2022:0448
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0448
28
reference_url https://access.redhat.com/errata/RHSA-2022:0449
reference_id RHSA-2022:0449
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0449
29
reference_url https://access.redhat.com/errata/RHSA-2022:0450
reference_id RHSA-2022:0450
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0450
30
reference_url https://access.redhat.com/errata/RHSA-2022:0467
reference_id RHSA-2022:0467
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0467
31
reference_url https://access.redhat.com/errata/RHSA-2022:0469
reference_id RHSA-2022:0469
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0469
32
reference_url https://access.redhat.com/errata/RHSA-2022:0475
reference_id RHSA-2022:0475
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0475
33
reference_url https://access.redhat.com/errata/RHSA-2022:0497
reference_id RHSA-2022:0497
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0497
34
reference_url https://access.redhat.com/errata/RHSA-2022:0507
reference_id RHSA-2022:0507
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0507
35
reference_url https://access.redhat.com/errata/RHSA-2022:0524
reference_id RHSA-2022:0524
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0524
36
reference_url https://access.redhat.com/errata/RHSA-2022:0527
reference_id RHSA-2022:0527
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0527
37
reference_url https://access.redhat.com/errata/RHSA-2022:0553
reference_id RHSA-2022:0553
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0553
38
reference_url https://access.redhat.com/errata/RHSA-2022:0661
reference_id RHSA-2022:0661
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0661
39
reference_url https://access.redhat.com/errata/RHSA-2022:1296
reference_id RHSA-2022:1296
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1296
40
reference_url https://access.redhat.com/errata/RHSA-2022:1297
reference_id RHSA-2022:1297
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1297
41
reference_url https://access.redhat.com/errata/RHSA-2022:1299
reference_id RHSA-2022:1299
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1299
42
reference_url https://access.redhat.com/errata/RHSA-2022:5458
reference_id RHSA-2022:5458
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5458
43
reference_url https://access.redhat.com/errata/RHSA-2022:5459
reference_id RHSA-2022:5459
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5459
44
reference_url https://access.redhat.com/errata/RHSA-2022:5460
reference_id RHSA-2022:5460
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5460
45
reference_url https://access.redhat.com/errata/RHSA-2024:5856
reference_id RHSA-2024:5856
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5856
46
reference_url https://usn.ubuntu.com/5998-1/
reference_id USN-5998-1
reference_type
scores
url https://usn.ubuntu.com/5998-1/
47
reference_url https://usn.ubuntu.com/7590-1/
reference_id USN-7590-1
reference_type
scores
url https://usn.ubuntu.com/7590-1/
fixed_packages
aliases CVE-2022-23307, GHSA-f7vh-qwp3-x37m
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bbq3-tx7c-yucn
4
url VCID-h1pw-28zg-mkae
vulnerability_id VCID-h1pw-28zg-mkae
summary jbossweb: Incomplete fix of CVE-2020-13935 for WebSocket in JBossWeb could lead to DoS
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14384.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14384.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-14384
reference_id
reference_type
scores
0
value 0.00325
scoring_system epss
scoring_elements 0.55417
published_at 2026-04-01T12:55:00Z
1
value 0.00325
scoring_system epss
scoring_elements 0.55529
published_at 2026-04-02T12:55:00Z
2
value 0.00325
scoring_system epss
scoring_elements 0.55554
published_at 2026-04-04T12:55:00Z
3
value 0.00325
scoring_system epss
scoring_elements 0.55531
published_at 2026-04-07T12:55:00Z
4
value 0.00325
scoring_system epss
scoring_elements 0.55582
published_at 2026-04-08T12:55:00Z
5
value 0.00325
scoring_system epss
scoring_elements 0.55584
published_at 2026-04-09T12:55:00Z
6
value 0.00325
scoring_system epss
scoring_elements 0.55594
published_at 2026-04-11T12:55:00Z
7
value 0.00325
scoring_system epss
scoring_elements 0.55573
published_at 2026-04-12T12:55:00Z
8
value 0.00325
scoring_system epss
scoring_elements 0.55556
published_at 2026-04-13T12:55:00Z
9
value 0.00325
scoring_system epss
scoring_elements 0.55593
published_at 2026-04-16T12:55:00Z
10
value 0.00325
scoring_system epss
scoring_elements 0.55596
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-14384
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1875176
reference_id 1875176
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1875176
3
reference_url https://access.redhat.com/errata/RHSA-2020:3730
reference_id RHSA-2020:3730
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3730
4
reference_url https://access.redhat.com/errata/RHSA-2020:3731
reference_id RHSA-2020:3731
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3731
5
reference_url https://access.redhat.com/errata/RHSA-2022:5458
reference_id RHSA-2022:5458
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5458
6
reference_url https://access.redhat.com/errata/RHSA-2022:5459
reference_id RHSA-2022:5459
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5459
7
reference_url https://access.redhat.com/errata/RHSA-2022:5460
reference_id RHSA-2022:5460
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5460
fixed_packages
aliases CVE-2020-14384
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h1pw-28zg-mkae
5
url VCID-nvbx-q971-skgm
vulnerability_id VCID-nvbx-q971-skgm
summary The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00084.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00084.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00088.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00088.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13935.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13935.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13935
reference_id
reference_type
scores
0
value 0.91745
scoring_system epss
scoring_elements 0.99684
published_at 2026-04-09T12:55:00Z
1
value 0.91745
scoring_system epss
scoring_elements 0.99688
published_at 2026-04-18T12:55:00Z
2
value 0.91745
scoring_system epss
scoring_elements 0.99687
published_at 2026-04-16T12:55:00Z
3
value 0.91745
scoring_system epss
scoring_elements 0.99685
published_at 2026-04-13T12:55:00Z
4
value 0.91745
scoring_system epss
scoring_elements 0.99683
published_at 2026-04-07T12:55:00Z
5
value 0.91745
scoring_system epss
scoring_elements 0.99682
published_at 2026-04-04T12:55:00Z
6
value 0.91745
scoring_system epss
scoring_elements 0.99681
published_at 2026-04-02T12:55:00Z
7
value 0.91745
scoring_system epss
scoring_elements 0.9968
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13935
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
6
reference_url https://github.com/apache/tomcat/commit/12d715676038efbf9c728af10163f8277fc019d5
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/12d715676038efbf9c728af10163f8277fc019d5
7
reference_url https://github.com/apache/tomcat/commit/1c1c77b0efb667cea80b532440b44cea1dc427c3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/1c1c77b0efb667cea80b532440b44cea1dc427c3
8
reference_url https://github.com/apache/tomcat/commit/40fa74c74822711ab878079d0a69f7357926723d
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/40fa74c74822711ab878079d0a69f7357926723d
9
reference_url https://github.com/apache/tomcat/commit/4c04982870d6e730c38e21e58fb653b7cf723784
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/4c04982870d6e730c38e21e58fb653b7cf723784
10
reference_url https://github.com/apache/tomcat/commit/f9f75c14678b68633f79030ddf4ff827f014cc84
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/f9f75c14678b68633f79030ddf4ff827f014cc84
11
reference_url https://kc.mcafee.com/corporate/index?page=content&id=SB10332
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://kc.mcafee.com/corporate/index?page=content&id=SB10332
12
reference_url https://lists.apache.org/thread.html/r4e5d3c09f4dd2923191e972408b40fb8b42dbff0bc7904d44b651e50@%3Cusers.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r4e5d3c09f4dd2923191e972408b40fb8b42dbff0bc7904d44b651e50@%3Cusers.tomcat.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/rd48c72bd3255bda87564d4da3791517c074d94f8a701f93b85752651%40%3Cannounce.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rd48c72bd3255bda87564d4da3791517c074d94f8a701f93b85752651%40%3Cannounce.tomcat.apache.org%3E
14
reference_url https://lists.debian.org/debian-lts-announce/2020/07/msg00017.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/07/msg00017.html
15
reference_url https://security.netapp.com/advisory/ntap-20200724-0003
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20200724-0003
16
reference_url https://security.netapp.com/advisory/ntap-20200724-0003/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20200724-0003/
17
reference_url https://tomcat.apache.org/security-10.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-10.html
18
reference_url https://tomcat.apache.org/security-7.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-7.html
19
reference_url https://tomcat.apache.org/security-8.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-8.html
20
reference_url https://tomcat.apache.org/security-9.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-9.html
21
reference_url https://usn.ubuntu.com/4448-1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4448-1
22
reference_url https://usn.ubuntu.com/4448-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4448-1/
23
reference_url https://usn.ubuntu.com/4596-1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4596-1
24
reference_url https://usn.ubuntu.com/4596-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4596-1/
25
reference_url https://www.debian.org/security/2020/dsa-4727
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2020/dsa-4727
26
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuApr2021.html
27
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
28
reference_url https://www.oracle.com/security-alerts/cpujan2021.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2021.html
29
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
30
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com//security-alerts/cpujul2021.html
31
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
32
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
33
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1857024
reference_id 1857024
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1857024
34
reference_url https://security.archlinux.org/AVG-1205
reference_id AVG-1205
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1205
35
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13935
reference_id CVE-2020-13935
reference_type
scores
0
value Important
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13935
36
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13935
reference_id CVE-2020-13935
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13935
37
reference_url https://github.com/advisories/GHSA-m7jv-hq7h-mq7c
reference_id GHSA-m7jv-hq7h-mq7c
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m7jv-hq7h-mq7c
38
reference_url https://access.redhat.com/errata/RHSA-2020:3303
reference_id RHSA-2020:3303
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3303
39
reference_url https://access.redhat.com/errata/RHSA-2020:3305
reference_id RHSA-2020:3305
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3305
40
reference_url https://access.redhat.com/errata/RHSA-2020:3306
reference_id RHSA-2020:3306
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3306
41
reference_url https://access.redhat.com/errata/RHSA-2020:3308
reference_id RHSA-2020:3308
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3308
42
reference_url https://access.redhat.com/errata/RHSA-2020:3382
reference_id RHSA-2020:3382
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3382
43
reference_url https://access.redhat.com/errata/RHSA-2020:3383
reference_id RHSA-2020:3383
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3383
44
reference_url https://access.redhat.com/errata/RHSA-2020:3806
reference_id RHSA-2020:3806
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3806
45
reference_url https://access.redhat.com/errata/RHSA-2020:4004
reference_id RHSA-2020:4004
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4004
46
reference_url https://access.redhat.com/errata/RHSA-2022:5458
reference_id RHSA-2022:5458
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5458
47
reference_url https://access.redhat.com/errata/RHSA-2022:5459
reference_id RHSA-2022:5459
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5459
48
reference_url https://access.redhat.com/errata/RHSA-2022:5460
reference_id RHSA-2022:5460
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5460
fixed_packages
aliases CVE-2020-13935, GHSA-m7jv-hq7h-mq7c
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nvbx-q971-skgm
Fixing_vulnerabilities
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jboss-as-weld@7.5.24-2.Final_redhat_00001.1.ep6%3Farch=el6