
Apache Log4j 1.x Multiple Vulnerabilities (Windows, Jan 2022) - Version Check

CVE-2022-23302, CVE-2022-23305, CVE-2022-23307, CVE-2020-9493

Severity
CVSSv3 Score
8.8
Vulnerability description

Apache Log4j is prone to multiple vulnerabilities.

Risk description

The following vulnerabilities exist:

- CVE-2022-23302: Deserialization of untrusted data in JMSSink. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default.
- CVE-2022-23305: SQL injection in JDBC Appender. Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default.
- CVE-2022-23307/CVE-2020-9493: A deserialization flaw in the Chainsaw component of Log4j 1.x can lead to malicious code execution.

Recommendation

No solution was made available by the vendor. Note: Apache Log4j 1.x reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.
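Because two of these issues depend on non-default configuration, a version match alone does not show which ones apply to a given host. The following is an added example, not part of the original advisory or of the scanner's check: it reports which of the named components are present in a Log4j 1.x jar and whether a `log4j.properties` file configures the JDBCAppender. The class paths assume the standard Log4j 1.2 package layout, only the properties format with `=` separators is parsed, and the sample jar and configuration are constructed.

```python
import io
import zipfile

# Jar paths of the components named in the risk description
# (assumption: standard log4j 1.2 package layout).
AFFECTED = {
    "CVE-2022-23302": ("org/apache/log4j/net/JMSSink",),
    "CVE-2022-23305": ("org/apache/log4j/jdbc/JDBCAppender",),
    "CVE-2022-23307/CVE-2020-9493": ("org/apache/log4j/chainsaw/",),
}
JDBC_CLASS = "org.apache.log4j.jdbc.JDBCAppender"

def classes_in_jar(jar_bytes):
    """Map each CVE to the affected .class entries present in the jar."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        names = [n for n in jar.namelist() if n.endswith(".class")]
    found = {}
    for cve, prefixes in AFFECTED.items():
        hits = sorted(n for n in names if n.startswith(prefixes))
        if hits:
            found[cve] = hits
    return found

def jdbc_appenders(properties_text):
    """Names of appenders declared as log4j.appender.<name>=<JDBCAppender>."""
    names = []
    for raw in properties_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":      # skip blanks and comments
            continue
        key, sep, value = line.partition("=")
        parts = key.strip().split(".")
        if sep and len(parts) == 3 and parts[:2] == ["log4j", "appender"]:
            if value.strip() == JDBC_CLASS:
                names.append(parts[2])
    return sorted(names)

def constructed_jar(entries):
    """Build an in-memory jar with empty entries (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for name in entries:
            jar.writestr(name, b"")
    return buf.getvalue()

# Constructed sample: a jar without JMSSink, and a config that uses the JDBCAppender.
SAMPLE_ENTRIES = ["org/apache/log4j/Logger.class",
                  "org/apache/log4j/jdbc/JDBCAppender.class",
                  "org/apache/log4j/chainsaw/Main.class"]
SAMPLE_PROPERTIES = """# constructed sample
log4j.rootLogger=INFO, file, db
log4j.appender.file=org.apache.log4j.FileAppender
log4j.appender.db=org.apache.log4j.jdbc.JDBCAppender
log4j.appender.db.URL=jdbc:example://localhost/logs
"""
```

XML configurations (`log4j.xml`) are not covered by this check and need to be reviewed separately.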

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Jun 16, 2021
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available