All 4 CVE vulnerabilities found in Apache Log4j 1.x, with AI-generated Chinese analysis, references, and POCs.
Vendor: Apache Software Foundation
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2022-23307 | A deserialization flaw in the Chainsaw component of Log4j 1 can lead to malicious code execution. CWE-502 | 9.8 | - | 2022-01-18 |
| CVE-2022-23305 | SQL injection in JDBC Appender in Apache Log4j V1 CWE-89 | 9.8 | - | 2022-01-18 |
| CVE-2022-23302 | Deserialization of untrusted data in JMSSink in Apache Log4j 1.x CWE-502 | 8.8 | - | 2022-01-18 |
| CVE-2021-4104 | Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2 CWE-502 | 7.5 | - | 2021-12-14 |
All 4 known CVE vulnerabilities affecting Apache Log4j 1.x with full Chinese analysis, references, and POCs where available.