Skip to main content

E Business Suite Information Discovery

1 CVEs product

Monthly

CVE-2022-23305 Maven CRITICAL PATCH GHSA Act Now

By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

Apache SQLi Log4J Snapmanager Brocade Sannav +25
NVD VulDB
CVSS 3.1
9.8
EPSS
9.5%
EPSS 9% CVSS 9.8
CRITICAL PATCH Act Now

By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

Apache SQLi Log4J +27
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy