CVE-2022-23305

critical

Published 2022-01-18 · Modified 2022-01-26

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

9.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4 NEW

—

not yet in upstream

VIR risk

9.8

Description

RHSA-2022:0290: parfait:0.5 security update (Important)

Predictions

Exploit likelihood

97%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or — if you've already worked around this in production — publish your fix to the community-verified tier.

✚ Propose a mitigation on Community → Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

OS impact

SUSE Affected 1 release

Version	Status	Fixed in
—	Affected	—

AlmaLinux Fixed 1 release

Version	Status	Fixed in
8	Fixed	`uom-lib-1.0.1-6.module_el8.5.0+2610+de2b8c0b.noarch.rpm`

Debian Fixed 5 releases

Version	Status	Fixed in
trixie	Fixed	`1.2.17-11`
sid	Fixed	`1.2.17-11`
forky	Fixed	`1.2.17-11`
bullseye	Fixed	`1.2.17-10+deb11u1`
bookworm	Fixed	`1.2.17-11`

Red Hat Fixed 1 release

Version	Status	Fixed in
8	Fixed	—

Rocky Linux Fixed 1 release

Version	Status	Fixed in
8	Fixed	—

Package impact

Ecosystem	Package	Vulnerable	Fixed
Maven	log4j:log4j	`<=1.2.17`
Maven	org.zenframework.z8.dependencies.commons:log4j-1.2.17	`<=2.0`

Application impact

Vendor	Product	Versions	Fixed
apache	log4j	`{"startIncluding":"1.2","endIncluding":"1.2.17"}`
netapp	snapmanager	`-`
broadcom	brocade_sannav	`-`
qos	reload4j	`{"endExcluding":"1.2.18.2"}`	`1.2.18.2`
oracle	advanced_supply_chain_planning	`12.1`
oracle	advanced_supply_chain_planning	`12.2`
oracle	business_intelligence	`5.9.0.0.0`
oracle	business_intelligence	`12.2.1.3.0`
oracle	business_intelligence	`12.2.1.4.0`
oracle	business_process_management_suite	`12.2.1.3.0`
oracle	business_process_management_suite	`12.2.1.4.0`
oracle	communications_eagle_ftp_table_base_retrieval	`4.5`
oracle	communications_instant_messaging_server	`10.0.1.5.0`
oracle	communications_messaging_server	`8.1`
oracle	communications_network_integrity	`7.3.6`
apache	log4j	`{"startIncluding":"1.2","endIncluding":"1.2.17"}`
netapp	snapmanager	`-`
broadcom	brocade_sannav	`-`
qos	reload4j	`{"endExcluding":"1.2.18.2"}`	`1.2.18.2`
oracle	advanced_supply_chain_planning	`12.1`
oracle	advanced_supply_chain_planning	`12.2`
oracle	business_intelligence	`5.9.0.0.0`
oracle	business_intelligence	`12.2.1.3.0`
oracle	business_intelligence	`12.2.1.4.0`
oracle	business_process_management_suite	`12.2.1.3.0`
oracle	business_process_management_suite	`12.2.1.4.0`
oracle	communications_eagle_ftp_table_base_retrieval	`4.5`
oracle	communications_instant_messaging_server	`10.0.1.5.0`
oracle	communications_messaging_server	`8.1`
oracle	communications_network_integrity	`7.3.6`
oracle	communications_offline_mediation_controller	`{"endExcluding":"12.0.0.4.4"}`	`12.0.0.4.4`
oracle	communications_offline_mediation_controller	`12.0.0.5.0`
oracle	communications_unified_inventory_management	`7.4.1`
oracle	communications_unified_inventory_management	`7.4.2`
oracle	e-business_suite_cloud_manager_and_cloud_backup_module	`{"endExcluding":"2.2.1.1.1"}`	`2.2.1.1.1`
oracle	e-business_suite_cloud_manager_and_cloud_backup_module	`2.2.1.1.1`
oracle	e-business_suite_information_discovery	`{"startIncluding":"12.2.3","endIncluding":"12.2.11"}`
oracle	enterprise_manager_base_platform	`13.4.0.0`
oracle	enterprise_manager_base_platform	`13.5.0.0`
oracle	financial_services_revenue_management_and_billing_analytics	`2.7.0.0`
oracle	financial_services_revenue_management_and_billing_analytics	`2.7.0.1`
oracle	financial_services_revenue_management_and_billing_analytics	`2.8.0.0`
oracle	healthcare_foundation	`8.1.0`
oracle	hyperion_data_relationship_management	`{"endExcluding":"11.2.8.0"}`	`11.2.8.0`
oracle	hyperion_infrastructure_technology	`{"endExcluding":"11.2.8.0"}`	`11.2.8.0`
oracle	identity_management_suite	`12.2.1.3.0`
oracle	identity_management_suite	`12.2.1.4.0`
oracle	identity_manager_connector	`11.1.1.5.0`
oracle	jdeveloper	`12.2.1.3.0`
oracle	middleware_common_libraries_and_tools	`12.2.1.4.0`
oracle	mysql_enterprise_monitor	`{"endIncluding":"8.0.29"}`
oracle	retail_extract_transform_and_load	`13.2.5`
oracle	tuxedo	`12.2.2.0.0`
oracle	weblogic_server	`12.2.1.3.0`
oracle	weblogic_server	`12.2.1.4.0`
oracle	weblogic_server	`14.1.1.0.0`
oracle	communications_offline_mediation_controller	`{"endExcluding":"12.0.0.4.4"}`	`12.0.0.4.4`
oracle	communications_offline_mediation_controller	`12.0.0.5.0`
oracle	communications_unified_inventory_management	`7.4.1`
oracle	communications_unified_inventory_management	`7.4.2`
oracle	e-business_suite_cloud_manager_and_cloud_backup_module	`{"endExcluding":"2.2.1.1.1"}`	`2.2.1.1.1`
oracle	e-business_suite_cloud_manager_and_cloud_backup_module	`2.2.1.1.1`
oracle	e-business_suite_information_discovery	`{"startIncluding":"12.2.3","endIncluding":"12.2.11"}`
oracle	enterprise_manager_base_platform	`13.4.0.0`
oracle	enterprise_manager_base_platform	`13.5.0.0`
oracle	financial_services_revenue_management_and_billing_analytics	`2.7.0.0`
oracle	financial_services_revenue_management_and_billing_analytics	`2.7.0.1`
oracle	financial_services_revenue_management_and_billing_analytics	`2.8.0.0`
oracle	healthcare_foundation	`8.1.0`
oracle	hyperion_data_relationship_management	`{"endExcluding":"11.2.8.0"}`	`11.2.8.0`
oracle	hyperion_infrastructure_technology	`{"endExcluding":"11.2.8.0"}`	`11.2.8.0`
oracle	identity_management_suite	`12.2.1.3.0`
oracle	identity_management_suite	`12.2.1.4.0`
oracle	identity_manager_connector	`11.1.1.5.0`
oracle	jdeveloper	`12.2.1.3.0`
oracle	middleware_common_libraries_and_tools	`12.2.1.4.0`
oracle	mysql_enterprise_monitor	`{"endIncluding":"8.0.29"}`
oracle	retail_extract_transform_and_load	`13.2.5`
oracle	tuxedo	`12.2.2.0.0`
oracle	weblogic_server	`12.2.1.3.0`
oracle	weblogic_server	`12.2.1.4.0`
oracle	weblogic_server	`14.1.1.0.0`

References

CWEs

CWE-89

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.