Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1.
History
12 May 2022, 15:00
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:* | |
References | (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory |
20 Apr 2022, 00:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
08 Apr 2022, 10:15
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:qos:reload4j:*:*:*:*:*:*:*:* |
21 Mar 2022, 14:15
Type | Values Removed | Values Added |
---|---|---|
Summary | Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1 |
02 Mar 2022, 17:21
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* | |
References | (DEBIAN) https://www.debian.org/security/2021/dsa-5020 - Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2021/12/msg00017.html - Mailing List, Third Party Advisory |
27 Dec 2021, 00:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
12 Dec 2021, 11:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
02 Dec 2021, 22:09
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_eftlink:17.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:siebel_apps_-_marketing:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_eftlink:18.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_eftlink:16.0.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_eftlink:15.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_eftlink:19.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_insights_cloud_service_suite:19.0:*:*:*:*:*:*:* | |
References | (MISC) https://www.oracle.com/security-alerts/cpuApr2021.html - Patch, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe@%3Cusers.kafka.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpuoct2021.html - Patch, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r45916179811a32cbaa500f972de9098e6ee80ee81c7f134fce83e03a@%3Cissues.flink.apache.org%3E - Mailing List, Vendor Advisory |
20 Oct 2021, 11:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
17 Jun 2021, 20:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
14 Jun 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
Information
Published : 2020-04-27 16:15
Updated : 2024-02-04 21:00
NVD link : CVE-2020-9488
Mitre link : CVE-2020-9488
CVE.ORG link : CVE-2020-9488
Products Affected
oracle
- storagetek_tape_analytics_sw_tool
- policy_automation_for_mobile_devices
- financial_services_price_creation_and_discovery
- primavera_unifier
- insurance_rules_palette
- siebel_ui_framework
- retail_predictive_application_server
- financial_services_institutional_performance_analytics
- flexcube_core_banking
- retail_xstore_point_of_service
- communications_application_session_controller
- communications_billing_and_revenue_management
- communications_unified_inventory_management
- flexcube_private_banking
- financial_services_retail_customer_analytics
- spatial_and_graph
- retail_assortment_planning
- oracle_goldengate_application_adapters
- retail_bulk_data_integration
- policy_automation
- financial_services_analytical_applications_infrastructure
- communications_eagle_ftp_table_base_retrieval
- insurance_policy_administration_j2ee
- retail_customer_management_and_segmentation_foundation
- policy_automation_connector_for_siebel
- retail_eftlink
- data_integrator
- retail_integration_bus
- siebel_apps_-_marketing
- utilities_framework
- communications_services_gatekeeper
- enterprise_manager_for_peoplesoft
- retail_order_broker_cloud_service
- health_sciences_information_manager
- retail_advanced_inventory_planning
- weblogic_server
- peoplesoft_enterprise_peopletools
- financial_services_market_risk_measurement_and_management
- communications_offline_mediation_controller
- jd_edwards_world_security
- retail_insights_cloud_service_suite
- insurance_insbridge_rating_and_underwriting
- storagetek_acsls
qos
- reload4j
debian
- debian_linux
apache
- log4j
CWE
CWE-295
Improper Certificate Validation