RHSA-2022:0205: Moderate: Red Hat Data Grid 8.2.3 security update
Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. It increases application response times and allows for dramatically improving performance while providing availability, reliability, and elastic scale.Data Grid 8.2.3 replaces Data Grid 8.2.2 and includes bug fixes and enhancements. Find out more about Data Grid 8.2.3 in the Release Notes [3].Security Fix(es): log4j-core: remote code execution via JDBC Appender (CVE-2021-44832) log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228) (CVE-2021-45046) log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern (CVE-2021-45105) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of RHSA-2022:0205?
The severity of RHSA-2022:0205 has been classified as important.
How do I fix RHSA-2022:0205?
To fix RHSA-2022:0205, you should update to Data Grid version 8.2.3 or later.
What vulnerabilities are addressed in RHSA-2022:0205?
RHSA-2022:0205 addresses multiple vulnerabilities including memory corruption and Denial of Service risks.
Is RHSA-2022:0205 applicable to all Red Hat Data Grid installations?
RHSA-2022:0205 is applicable to all installations of Red Hat Data Grid version 8.2.2 and earlier.
What are the potential impacts of not resolving RHSA-2022:0205?
Not resolving RHSA-2022:0205 may lead to application downtime, data loss, and compromised system integrity.