0.004 Low
EPSS
Percentile
74.9%
JDBCAppender in Log4j is vulnerable to SQL injection attacks. An attacker is able to execute arbitrary SQL commands via entering crafted strings into input fields and headers where the values to be inserted are converters from PatternLayout
PatternLayout
www.openwall.com/lists/oss-security/2022/01/18/4
lists.apache.org/thread/pt6lh3pbsvxqlwlp4c5l798dv2hkc85y
logging.apache.org/log4j/1.2/index.html
security.netapp.com/advisory/ntap-20220217-0007/
www.oracle.com/security-alerts/cpuapr2022.html
www.oracle.com/security-alerts/cpujul2022.html