API Security Blog

RHEL 8 : parfait:0.5 (RHSA-2022:0291)

The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0291 advisory.

– log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender (CVE-2021-4104)

– log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink (CVE-2022-23302)

– log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender (CVE-2022-23305)

– log4j: Unsafe deserialization flaw in Chainsaw log viewer (CVE-2022-23307)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
