Apache Log4j 安全漏洞

🗓️ 10 Apr 2026 00:00:00Reported by China National Vulnerability Database of Information SecurityType

cnnvd

cnnvd🔗 www.cnnvd.org.cn👁 4 Views

Security vulnerability in Apache Log4j: Log4j1XmlLayout does not escape XML 1.0, risking malformed XML.

Reporter	Title	Published	Views	Family All 94
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities affect IBM Decision Optimization for Cloud Pak for Data.	19 Jun 202608:43	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in log4j/2.x affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.	22 Jun 202613:41	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple issues	24 Jun 202606:08	–	ibm
IBM Security Bulletins	Security Bulletin: Due to use of log4j-core-2.25.3.jar, IBM Sterling Connect:Direct Web Services is vulnerable to log injection via CRLF sequences.	3 Jun 202604:27	–	ibm
IBM Security Bulletins	Security Bulletin: There is a vulnerability in log4j-core-2.25.3.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-34480 ,CVE-2026-34477, CVE-2026-34478, CVE-2026-34479)	29 May 202608:56	–	ibm
IBM Security Bulletins	Security Bulletin: IBM SPSS Modeler is affected by multiple vulnerabilities in Apache Log4j	27 May 202617:36	–	ibm
IBM Security Bulletins	Security Bulletin: The Apache Log4J 2 package that is shipped with IBM ApplinX is vulnerable to multiple vulnerabilities (CVE-2026-34480, CVE-2026-34477, CVE-2026-34478, CVE-2026-34479).	11 Jun 202621:17	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect for Manufacturing is vulnerable to multiple vulnerabilities due to Apache Log4j and Bouncy Castle.	11 May 202606:59	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect for Healthcare is vulnerable to multiple vulnerabilities due to Apache Log4j and Apache Neethi	8 Jun 202611:43	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to multiple vulnerabilities due to Apache Log4j ( CVE-2026-34477, CVE-2026-34478, CVE-2026-34479 & CVE-2026-34480 )	22 May 202614:52	–	ibm

Source	Link
github	www.github.com/apache/logging-log4j2/pull/4078
lists	www.lists.apache.org/thread/gd0hp6mj17rn3kj279vgy4p7kd4zz5on
logging	www.logging.apache.org/cyclonedx/vdr.xml
logging	www.logging.apache.org/log4j/2.x/migrate-from-log4j1.html
logging	www.logging.apache.org/security.html
openwall	www.openwall.com/lists/oss-security/2026/04/10/8

29 May 2026 00:00Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.17.5

CVSS 46.9

EPSS0.00535

SSVC

Apache Log4j Log4j1XmlLayout Extensible Markup Language character escaping vulnerability