Oracle » Weblogic Server : Security Vulnerabilities, CVEs, Published In 2019 (Code Execution)
Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17.
Max CVSS
9.8
EPSS Score
79.38%
Published
2019-12-20
Updated
2022-12-14
1 vulnerabilities found