CVE-2022-23302 Report - Details, Severity, & Advisories

Twingate Team

Jun 28, 2024

What is CVE-2022-23302?

CVE-2022-23302 is a high-severity vulnerability in Log4j 1.x, specifically when configured to use JMSSink. This configuration can lead to the deserialization of untrusted data, potentially resulting in remote code execution.

Who is impacted by CVE-2022-23302?

This vulnerability affects users of Log4j 1.x with JMSSink configured, including all versions from 1.0.1 to 1.2.17. It also impacts certain NetApp products like Brocade SAN Navigator (SANnav).

What to do if CVE-2022-23302 affected you

If you're affected by CVE-2022-23302, take the following steps to mitigate its impact:

  1. Upgrade to Log4j 2, which addresses numerous security issues from previous versions.

  2. If upgrading is not possible, remove the usage of JMSSink from your Log4j 1.x configuration.

  3. Stay updated with the latest security patches to avoid future vulnerabilities.
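Step 2 requires knowing where JMSSink is still shipped or invoked. The following is an added example, not code from Twingate or the Log4j project: it walks a deployment tree, flags archives (including jars nested inside WAR/EAR files) that contain the `org.apache.log4j.net.JMSSink` class, and flags config files or launch scripts that name it. The file extensions scanned and the sample tree are assumptions constructed for illustration.

```python
import io
import tempfile
import zipfile
from pathlib import Path

SINK_CLASS = "org/apache/log4j/net/JMSSink.class"   # class entry inside Log4j 1.x jars
SINK_NAME = b"org.apache.log4j.net.JMSSink"          # how configs and scripts name it
ARCHIVE_EXT = (".jar", ".war", ".ear")               # assumed archive types
TEXT_EXT = (".properties", ".xml", ".sh", ".bat", ".conf")  # assumed text types

def scan_archive(data, label, findings):
    """Record archives (including nested ones) that contain the JMSSink class."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return  # unreadable archive: skip it rather than abort the scan
    with zf:
        for name in zf.namelist():
            if name == SINK_CLASS:
                findings.append(("class", label))
            elif name.lower().endswith(ARCHIVE_EXT):
                scan_archive(zf.read(name), f"{label}!{name}", findings)

def scan_tree(root):
    """Return sorted (kind, location) findings for everything under root."""
    findings = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        if path.suffix.lower() in ARCHIVE_EXT:
            scan_archive(path.read_bytes(), rel, findings)
        elif path.suffix.lower() in TEXT_EXT and SINK_NAME in path.read_bytes():
            findings.append(("reference", rel))
    return sorted(findings)

def build_sample(root):
    """Constructed sample: a WAR with a nested Log4j 1.x jar, plus a launch script."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr(SINK_CLASS, b"constructed placeholder, not real bytecode")
    with zipfile.ZipFile(Path(root) / "app.war", "w") as z:
        z.writestr("WEB-INF/lib/log4j-1.2.17.jar", inner.getvalue())
    (Path(root) / "start-sink.sh").write_text("java org.apache.log4j.net.JMSSink\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(scan_tree(tmp))
```

A `class` finding means the jar still ships JMSSink. A `reference` finding points at a file that invokes or configures it and needs to be changed as part of step 2.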

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2022-23302 vulnerability, also known as "Deserialization of untrusted data in JMSSink in Apache Log4j 1.x," is not currently listed in CISA's Known Exploited Vulnerabilities Catalog. It was discovered on January 18, 2022, and users are advised to upgrade to Log4j 2 or remove the usage of JMSSink from their configurations to mitigate the risk.

Weakness Enumeration

This vulnerability is classified as CWE-502, deserialization of untrusted data, which here occurs in Apache Log4j 1.x's JMSSink.

Learn More

For more information about the CVE-2022-23302 vulnerability, including its description, severity, technical details, and known affected software configurations, visit the NVD page or the links below.
