It was discovered that Apache Log4j 1.2 was vulnerable to deserialization of
untrusted data if the configuration file was editable. An attacker could use
this vulnerability to cause a DoS or possibly execute arbitrary code.
7.8 High
AI Score
Confidence
0.127 Low
EPSS
Percentile
95.5%