Vulnerabilities > Oracle > Middleware Common Libraries AND Tools > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-18 | CVE-2022-23305 | SQL Injection vulnerability in multiple products By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. | 9.8 |
| 2021-10-18 | CVE-2021-42575 | The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements. | 9.8 |
| 2021-01-14 | CVE-2021-23926 | XML Entity Expansion vulnerability in multiple products The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. | 9.1 |