Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache log4j vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2023-26464
** UNSUPPORTED WHEN ASSIGNED ** When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie, deeply nested) hashmap or hashtable (depending on which logging component...
Apache Log4j
9.8
CVSSv3
CVE-2020-9493
A deserialization flaw was found in Apache Chainsaw versions before 2.1.0 which could lead to malicious code execution.
Apache Chainsaw
Apache Log4j
Qos Reload4j
9.8
CVSSv3
CVE-2019-17571
Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j...
Apache Log4j
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
Opensuse Leap 15.1
Netapp Oncommand System Manager
Netapp Oncommand Workflow Automation -
Oracle Application Testing Suite 13.3.0.1
Oracle Communications Network Integrity
Oracle Endeca Information Discovery Studio 3.2.0
Oracle Financial Services Lending And Leasing
14 Github repositories
1 Article
8.8
CVSSv3
CVE-2022-23307
CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.
Apache Chainsaw
Apache Log4j
Qos Reload4j
Oracle Advanced Supply Chain Planning 12.1
Oracle Advanced Supply Chain Planning 12.2
Oracle Business Intelligence 5.9.0.0.0
Oracle Business Intelligence 12.2.1.3.0
Oracle Business Intelligence 12.2.1.4.0
Oracle Business Process Management Suite 12.2.1.3.0
Oracle Business Process Management Suite 12.2.1.4.0
Oracle Communications Eagle Ftp Table Base Retrieval 4.5
Oracle Communications Instant Messaging Server 10.0.1.5.0
1 Github repository
1 Article
8.8
CVSSv3
CVE-2022-23302
JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBi...
Apache Log4j
Netapp Snapmanager -
Broadcom Brocade Sannav -
Qos Reload4j
Oracle Advanced Supply Chain Planning 12.1
Oracle Advanced Supply Chain Planning 12.2
Oracle Business Intelligence 5.9.0.0.0
Oracle Business Intelligence 12.2.1.3.0
Oracle Business Intelligence 12.2.1.4.0
Oracle Business Process Management Suite 12.2.1.3.0
Oracle Business Process Management Suite 12.2.1.4.0
Oracle Communications Eagle Ftp Table Base Retrieval 4.5
2 Articles
8.8
CVSSv3
CVE-2021-3100
The Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.1-13 didn’t mimic the permissions of the JVM being patched, allowing it to escalate privileges.
Amazon Log4jhotpatch
1 Article
9.8
CVSSv3
CVE-2022-23305
By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows malicious users to manipulate the SQL by ent...
Apache Log4j
Netapp Snapmanager -
Broadcom Brocade Sannav -
Qos Reload4j
Oracle Advanced Supply Chain Planning 12.1
Oracle Advanced Supply Chain Planning 12.2
Oracle Business Intelligence 5.9.0.0.0
Oracle Business Intelligence 12.2.1.3.0
Oracle Business Intelligence 12.2.1.4.0
Oracle Business Process Management Suite 12.2.1.3.0
Oracle Business Process Management Suite 12.2.1.4.0
Oracle Communications Eagle Ftp Table Base Retrieval 4.5
2 Github repositories
1 Article
8.8
CVSSv3
CVE-2022-0070
Incomplete fix for CVE-2021-3100. The Apache Log4j hotpatch package starting with log4j-cve-2021-44228-hotpatch-1.1-16 will now explicitly mimic the Linux capabilities and cgroups of the target Java process that the hotpatch is applied to.
Amazon Log4jhotpatch
1 Article
7.5
CVSSv3
CVE-2021-4104
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests t...
Apache Log4j 1.2
Fedoraproject Fedora 35
Redhat Codeready Studio 12.0
Redhat Integration Camel K -
Redhat Integration Camel Quarkus -
Redhat Jboss A-mq 6.0.0
Redhat Jboss A-mq 7
Redhat Jboss A-mq Streaming -
Redhat Jboss Data Grid 7.0.0
Redhat Jboss Data Virtualization 6.0.0
Redhat Jboss Enterprise Application Platform 6.0.0
Redhat Jboss Enterprise Application Platform 7.0
9 Github repositories
9
CVSSv3
CVE-2021-45046
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with...
Apache Log4j
Apache Log4j 2.0
Cvat Computer Vision Annotation Tool -
Intel Audio Development Kit -
Intel Datacenter Manager -
Intel Genomics Kernel Library -
Intel Oneapi -
Intel Secure Device Onboard -
Intel Sensor Solution Firmware Development Kit -
Intel System Debugger -
Intel System Studio -
Siemens Sppa-t3000 Ses3000 Firmware
127 Github repositories
9 Articles
Preferred Score:
CVSSv4
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
local file inclusion
dcmtk
CVE-2025-24813
CVE-2023-52315
directory listings wordpress plugin – ulisting
CVE-2025-2348
IDOR
CVE-2024-12336
vam
CVE-2025-24856
wireless
wordpress form builder plugin for contact forms, surveys and quizzes – tripetto
CVE-2024-55591
Home
/
Search Results
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »
Vulmon