5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
Log4j is an open source project from Apache. By using Log4j, you can control the destination of log messages delivered to the console, files, GUI components, or even socket servers, NT’s event logger, etc. A denial of service vulnerability exists in Apache Log4j2. The vulnerability is due to Apache Log4j2 configured with a non-default Pattern Layout scenario with Context Lookup (for example: $${ctx:loginId}), which can be exploited by attackers to construct malicious data to perform denial-of-service attacks without authorization, ultimately causing a server denial of service.
CPE | Name | Operator | Version |
---|---|---|---|
Apache Apache Log4j >=2.0.0,< | eq | 2.17.0 |
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P