[ https://issues.apache.org/jira/browse/LOG4J2-3220?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17458726#comment-17458726 ]
Volkan Yazici commented on LOG4J2-3220: --------------------------------------- Log4j 1.x is not affected by CVE-2021-44228. This said, _an attacker having write access to the configuration files_ can alter the JMS appender setup in Log4j 1.x for exfiltration. > CVE-2021-44228 > -------------- > > Key: LOG4J2-3220 > URL: https://issues.apache.org/jira/browse/LOG4J2-3220 > Project: Log4j 2 > Issue Type: Question > Components: API > Affects Versions: 2.15.0 > Reporter: Abdullah AbuHijleh > Priority: Major > > Hello, > > Regarding [CVE-2021-44228]can you please confirm it is not affecting Log4j > 1.x because we still have many customers using it? > > Thanks -- This message was sent by Atlassian Jira (v8.20.1#820001)