Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Log4j

Source -

CNA

CNA CVEs -

1

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
1Vulnerabilities found
CVE-2019-17571
Assigner-Apache Software Foundation
ShareView Details
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-28.50% / 96.63%
||
7 Day CHG~0.00%
Published-20 Dec, 2019 | 16:01
Updated-28 May, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17.

Action-Not Available
Vendor-Oracle CorporationNetApp, Inc.openSUSECanonical Ltd.The Apache Software FoundationDebian GNU/Linux
Product-application_testing_suiteendeca_information_discovery_studiooncommand_workflow_automationretail_extract_transform_and_loadleaprapid_planningdebian_linuxweblogic_serverubuntu_linuxoncommand_system_managercommunications_network_integrityfinancial_services_lending_and_leasingprimavera_gatewaylog4jmysql_enterprise_monitorretail_service_backbonebookkeeperLog4j
CWE ID-CWE-502
Deserialization of Untrusted Data