CVE-2020-9488

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1

CVSS v3 3.7 LOW
CVSS v2.0 4.3 MEDIUM

3.7^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://issues.apache.org/jira/browse/LOG4J2-2819	Issue Tracking Mitigation Patch Vendor Advisory
https://lists.apache.org/thread.html/r0a2699f724156a558afd1abb6c044fb9132caa66dce861b82699722a%40%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/r0df3d7a5acb98c57e64ab9266aa21eeee1d9b399addb96f9cf1cbe05%40%3Cdev.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r1fc73f0e16ec2fa249d3ad39a5194afb9cc5afb4c023dc0bab5a5881%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r22a56beb76dd8cf18e24fda9072f1e05990f49d6439662d3782a392f%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe%40%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/r2f209d271349bafd91537a558a279c08ebcff8fa3e547357d58833e6%40%3Cdev.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r33864a0fc171c1c4bf680645ebb6d4f8057899ab294a43e1e4fe9d04%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r393943de452406f0f6f4b3def9f8d3c071f96323c1f6ed1a098f7fe4%40%3Ctorque-dev.db.apache.org%3E
https://lists.apache.org/thread.html/r3d1d00441c55144a4013adda74b051ae7864128ebcfb6ee9721a2eb3%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r4285398e5585a0456d3d9db021a4fce6e6fcf3ec027dfa13a450ec98%40%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r45916179811a32cbaa500f972de9098e6ee80ee81c7f134fce83e03a%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r48bcd06049c1779ef709564544c3d8a32ae6ee5c3b7281a606ac4463%40%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/r48efc7cb5aeb4e1f67aaa06fb4b5479a5635d12f07d0b93fc2d08809%40%3Ccommits.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r4d5dc9f3520071338d9ebc26f9f158a43ae28a91923d176b550a807b%40%3Cdev.hive.apache.org%3E
https://lists.apache.org/thread.html/r4db540cafc5d7232c62e076051ef661d37d345015b2e59b3f81a932f%40%3Cdev.hive.apache.org%3E
https://lists.apache.org/thread.html/r4ed1f49616a8603832d378cb9d13e7a8b9b27972bb46d946ccd8491f%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r5a68258e5ab12532dc179edae3d6e87037fa3b50ab9d63a90c432507%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r65578f3761a89bc164e8964acd5d913b9f8fd997967b195a89a97ca3%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r7641ee788e1eb1be4bb206a7d15f8a64ec6ef23e5ec6132d5a567695%40%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r7e5c10534ed06bf805473ac85e8412fe3908a8fa4cabf5027bf11220%40%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/r7e739f2961753af95e2a3a637828fb88bfca68e5d6b0221d483a9ee5%40%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r8c001b9a95c0bbec06f4457721edd94935a55932e64b82cc5582b846%40%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r8e96c340004b7898cad3204ea51280ef6e4b553a684e1452bf1b18b1%40%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/r9776e71e3c67c5d13a91c1eba0dc025b48b802eb7561cc6956d6961c%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r9a79175c393d14d760a0ae3731b4a873230a16ef321aa9ca48a810cd%40%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/ra051e07a0eea4943fa104247e69596f094951f51512d42c924e86c75%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/ra632b329b2ae2324fabbad5da204c4ec2e171ff60348ec4ba698fd40%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/rbc45eb0f53fd6242af3e666c2189464f848a851d408289840cecc6e3%40%3Ccommits.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rbc7642b9800249553f13457e46b813bea1aec99d2bc9106510e00ff3%40%3Ctorque-dev.db.apache.org%3E
https://lists.apache.org/thread.html/rc2dbc4633a6eea1fcbce6831876cfa17b73759a98c65326d1896cb1a%40%3Ctorque-dev.db.apache.org%3E
https://lists.apache.org/thread.html/rc6b81c013618d1de1b5d6b8c1088aaf87b4bacc10c2371f15a566701%40%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/rd55f65c6822ff235eda435d31488cfbb9aa7055cdf47481ebee777cc%40%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rd5d58088812cf8e677d99b07f73c654014c524c94e7fedbdee047604%40%3Ctorque-dev.db.apache.org%3E
https://lists.apache.org/thread.html/rd8e87c4d69df335d0ba7d815b63be8bd8a6352f429765c52eb07ddac%40%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/re024d86dffa72ad800f2848d0c77ed93f0b78ee808350b477a6ed987%40%3Cgitbox.hive.apache.org%3E
https://lists.apache.org/thread.html/rec34b1cccf907898e7cb36051ffac3ccf1ea89d0b261a2a3b3fb267f%40%3Ccommits.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rf1c2a81a08034c688b8f15cf58a4cfab322d00002ca46d20133bee20%40%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/12/msg00017.html	Mailing List Third Party Advisory
https://security.netapp.com/advisory/ntap-20200504-0003/	Third Party Advisory
https://www.debian.org/security/2021/dsa-5020	Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html	Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.html	Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html	Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html	Patch Third Party Advisory
https://issues.apache.org/jira/browse/LOG4J2-2819	Issue Tracking Mitigation Patch Vendor Advisory
https://lists.apache.org/thread.html/r0a2699f724156a558afd1abb6c044fb9132caa66dce861b82699722a%40%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/r0df3d7a5acb98c57e64ab9266aa21eeee1d9b399addb96f9cf1cbe05%40%3Cdev.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r1fc73f0e16ec2fa249d3ad39a5194afb9cc5afb4c023dc0bab5a5881%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r22a56beb76dd8cf18e24fda9072f1e05990f49d6439662d3782a392f%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe%40%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/r2f209d271349bafd91537a558a279c08ebcff8fa3e547357d58833e6%40%3Cdev.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r33864a0fc171c1c4bf680645ebb6d4f8057899ab294a43e1e4fe9d04%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r393943de452406f0f6f4b3def9f8d3c071f96323c1f6ed1a098f7fe4%40%3Ctorque-dev.db.apache.org%3E
https://lists.apache.org/thread.html/r3d1d00441c55144a4013adda74b051ae7864128ebcfb6ee9721a2eb3%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r4285398e5585a0456d3d9db021a4fce6e6fcf3ec027dfa13a450ec98%40%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r45916179811a32cbaa500f972de9098e6ee80ee81c7f134fce83e03a%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r48bcd06049c1779ef709564544c3d8a32ae6ee5c3b7281a606ac4463%40%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/r48efc7cb5aeb4e1f67aaa06fb4b5479a5635d12f07d0b93fc2d08809%40%3Ccommits.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r4d5dc9f3520071338d9ebc26f9f158a43ae28a91923d176b550a807b%40%3Cdev.hive.apache.org%3E
https://lists.apache.org/thread.html/r4db540cafc5d7232c62e076051ef661d37d345015b2e59b3f81a932f%40%3Cdev.hive.apache.org%3E
https://lists.apache.org/thread.html/r4ed1f49616a8603832d378cb9d13e7a8b9b27972bb46d946ccd8491f%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r5a68258e5ab12532dc179edae3d6e87037fa3b50ab9d63a90c432507%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r65578f3761a89bc164e8964acd5d913b9f8fd997967b195a89a97ca3%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r7641ee788e1eb1be4bb206a7d15f8a64ec6ef23e5ec6132d5a567695%40%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r7e5c10534ed06bf805473ac85e8412fe3908a8fa4cabf5027bf11220%40%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/r7e739f2961753af95e2a3a637828fb88bfca68e5d6b0221d483a9ee5%40%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r8c001b9a95c0bbec06f4457721edd94935a55932e64b82cc5582b846%40%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r8e96c340004b7898cad3204ea51280ef6e4b553a684e1452bf1b18b1%40%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/r9776e71e3c67c5d13a91c1eba0dc025b48b802eb7561cc6956d6961c%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r9a79175c393d14d760a0ae3731b4a873230a16ef321aa9ca48a810cd%40%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/ra051e07a0eea4943fa104247e69596f094951f51512d42c924e86c75%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/ra632b329b2ae2324fabbad5da204c4ec2e171ff60348ec4ba698fd40%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/rbc45eb0f53fd6242af3e666c2189464f848a851d408289840cecc6e3%40%3Ccommits.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rbc7642b9800249553f13457e46b813bea1aec99d2bc9106510e00ff3%40%3Ctorque-dev.db.apache.org%3E
https://lists.apache.org/thread.html/rc2dbc4633a6eea1fcbce6831876cfa17b73759a98c65326d1896cb1a%40%3Ctorque-dev.db.apache.org%3E
https://lists.apache.org/thread.html/rc6b81c013618d1de1b5d6b8c1088aaf87b4bacc10c2371f15a566701%40%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/rd55f65c6822ff235eda435d31488cfbb9aa7055cdf47481ebee777cc%40%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rd5d58088812cf8e677d99b07f73c654014c524c94e7fedbdee047604%40%3Ctorque-dev.db.apache.org%3E
https://lists.apache.org/thread.html/rd8e87c4d69df335d0ba7d815b63be8bd8a6352f429765c52eb07ddac%40%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/re024d86dffa72ad800f2848d0c77ed93f0b78ee808350b477a6ed987%40%3Cgitbox.hive.apache.org%3E
https://lists.apache.org/thread.html/rec34b1cccf907898e7cb36051ffac3ccf1ea89d0b261a2a3b3fb267f%40%3Ccommits.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rf1c2a81a08034c688b8f15cf58a4cfab322d00002ca46d20133bee20%40%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/12/msg00017.html	Mailing List Third Party Advisory
https://security.netapp.com/advisory/ntap-20200504-0003/	Third Party Advisory
https://www.debian.org/security/2021/dsa-5020	Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html	Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.html	Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html	Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html	Patch Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apache:log4j::::::::
	cpe:2.3:a:apache:log4j::::::::
	cpe:2.3:a:apache:log4j::::::::

Configuration 2 (hide)

OR	cpe:2.3:a:oracle:communications_application_session_controller:3.9m0p1:::::::*
	cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:::::::*
	cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:::::::*
	cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:::::::*
	cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:::::::*
	cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:::::::*
	cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.0:::::::*
	cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:::::::*
	cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:::::::*
	cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:::::::*
	cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.4.1.1:::::::*
	cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure::::::::
	cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:::::::*
	cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.7.0:::::::*
	cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:::::::*
	cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:::::::*
	cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:::::::*
	cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:::::::*
	cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:::::::*
	cpe:2.3:a:oracle:flexcube_core_banking::::::::
	cpe:2.3:a:oracle:flexcube_core_banking:5.2.0:::::::*
	cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:::::::*
	cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:::::::*
	cpe:2.3:a:oracle:health_sciences_information_manager:3.0.1:::::::*
	cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting::::::::
	cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:::::::*
	cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.0.37:::::::*
	cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.4.12:::::::*
	cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2.25:::::::*
	cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0.15:::::::*
	cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.2.0.26:::::::*
	cpe:2.3:a:oracle:insurance_rules_palette:10.2.0.37:::::::*
	cpe:2.3:a:oracle:insurance_rules_palette:10.2.4.12:::::::*
	cpe:2.3:a:oracle:insurance_rules_palette:11.0.2.25:::::::*
	cpe:2.3:a:oracle:insurance_rules_palette:11.1.0.15:::::::*
	cpe:2.3:a:oracle:insurance_rules_palette:11.2.0.26:::::::*
	cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:::::::*
	cpe:2.3:a:oracle:oracle_goldengate_application_adapters:19.1.0.0.0:::::::*
	cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:::::::*
	cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:::::::*
	cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:::::::*
	cpe:2.3:a:oracle:policy_automation::::::::
	cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:::::::*
	cpe:2.3:a:oracle:policy_automation_for_mobile_devices::::::::
	cpe:2.3:a:oracle:primavera_unifier:18.8:::::::*
	cpe:2.3:a:oracle:primavera_unifier:19.12:::::::*
	cpe:2.3:a:oracle:retail_advanced_inventory_planning:14.1:::::::*
	cpe:2.3:a:oracle:retail_assortment_planning:15.0.3.0:::::::*
	cpe:2.3:a:oracle:retail_assortment_planning:16.0.3.0:::::::*
	cpe:2.3:a:oracle:retail_bulk_data_integration:15.0.3.0:::::::*
	cpe:2.3:a:oracle:retail_bulk_data_integration:16.0.3.0:::::::*
	cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:16.0:::::::*
	cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:17.0:::::::*
	cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:::::::*
	cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:::::::*
	cpe:2.3:a:oracle:retail_eftlink:15.0.2:::::::*
	cpe:2.3:a:oracle:retail_eftlink:16.0.3:::::::*
	cpe:2.3:a:oracle:retail_eftlink:17.0.2:::::::*
	cpe:2.3:a:oracle:retail_eftlink:18.0.1:::::::*
	cpe:2.3:a:oracle:retail_eftlink:19.0.1:::::::*
	cpe:2.3:a:oracle:retail_insights_cloud_service_suite:19.0:::::::*
	cpe:2.3:a:oracle:retail_integration_bus:14.1:::::::*
cpe:2.3:a:oracle:retail_integration_bus:15.0:::::::*
cpe:2.3:a:oracle:retail_integration_bus:16.0:::::::*
cpe:2.3:a:oracle:retail_order_broker_cloud_service:16.0:::::::*
cpe:2.3:a:oracle:retail_order_broker_cloud_service:18.0:::::::*
cpe:2.3:a:oracle:retail_order_broker_cloud_service:19.0:::::::*
cpe:2.3:a:oracle:retail_order_broker_cloud_service:19.1:::::::*
cpe:2.3:a:oracle:retail_order_broker_cloud_service:19.2:::::::*
cpe:2.3:a:oracle:retail_order_broker_cloud_service:19.3:::::::*
cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.0:::::::*
cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.0:::::::*
cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:::::::*
cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.4:::::::*
cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:::::::*
cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:::::::*
cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:::::::*
cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:::::::*
cpe:2.3:a:oracle:siebel_apps_-_marketing::::::::
cpe:2.3:a:oracle:siebel_ui_framework::::::::
cpe:2.3:a:oracle:spatial_and_graph:12.2.0.1:::::::*
cpe:2.3:a:oracle:spatial_and_graph:18c:::::::*
cpe:2.3:a:oracle:spatial_and_graph:19c:::::::*
cpe:2.3:a:oracle:storagetek_acsls:8.5.1:::::::*
cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.1:::::::*
cpe:2.3:a:oracle:utilities_framework::::::::
cpe:2.3:a:oracle:utilities_framework:2.2.0.0.0:::::::*
cpe:2.3:a:oracle:utilities_framework:4.2.0.2.0:::::::*
cpe:2.3:a:oracle:utilities_framework:4.2.0.3.0:::::::*
cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:::::::*
cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:::::::*
cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:::::::*

Configuration 3 (hide)

OR	cpe:2.3:o:debian:debian_linux:9.0:::::::*
	cpe:2.3:o:debian:debian_linux:10.0:::::::*
	cpe:2.3:o:debian:debian_linux:11.0:::::::*

Configuration 4 (hide)

cpe:2.3:a:qos:reload4j:*:*:*:*:*:*:*:*

History

21 Nov 2024, 05:40

12 May 2022, 15:00

Type	Values Removed	Values Added
CPE		cpe:2.3:a:oracle:storagetek_acsls:8.5.1:::::::*
References	~~(MISC) https://www.oracle.com/security-alerts/cpuapr2022.html -~~	(MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory

20 Apr 2022, 00:15

Type	Values Removed	Values Added
References		(MISC) https://www.oracle.com/security-alerts/cpuapr2022.html -

08 Apr 2022, 10:15

Type	Values Removed	Values Added
CPE		cpe:2.3:a:qos:reload4j::::::::

21 Mar 2022, 14:15

Type	Values Removed	Values Added
Summary	Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender.	Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1

02 Mar 2022, 17:21

Type	Values Removed	Values Added
CPE		cpe:2.3:o:debian:debian_linux:11.0:::::::* cpe:2.3:o:debian:debian_linux:9.0:::::::* cpe:2.3:o:debian:debian_linux:10.0:::::::*
References	~~(DEBIAN) https://www.debian.org/security/2021/dsa-5020 -~~	(DEBIAN) https://www.debian.org/security/2021/dsa-5020 - Third Party Advisory
References	~~(MLIST) https://lists.debian.org/debian-lts-announce/2021/12/msg00017.html -~~	(MLIST) https://lists.debian.org/debian-lts-announce/2021/12/msg00017.html - Mailing List, Third Party Advisory

27 Dec 2021, 00:15

Type	Values Removed	Values Added
References		(MLIST) https://lists.debian.org/debian-lts-announce/2021/12/msg00017.html -

12 Dec 2021, 11:15

Type	Values Removed	Values Added
References		(DEBIAN) https://www.debian.org/security/2021/dsa-5020 -

02 Dec 2021, 22:09

Type	Values Removed	Values Added
CPE		cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:::::::* cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:::::::* cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:::::::* cpe:2.3:a:oracle:siebel_ui_framework:::::::: cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:::::::* cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:::::::* cpe:2.3:a:oracle:retail_eftlink:17.0.2:::::::* cpe:2.3:a:oracle:siebel_apps_-_marketing:::::::: cpe:2.3:a:oracle:retail_eftlink:18.0.1:::::::* cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:::::::* cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.4:::::::* cpe:2.3:a:oracle:retail_eftlink:16.0.3:::::::* cpe:2.3:a:oracle:retail_eftlink:15.0.2:::::::* cpe:2.3:a:oracle:retail_eftlink:19.0.1:::::::* cpe:2.3:a:oracle:retail_insights_cloud_service_suite:19.0:::::::*
References	~~(MISC) https://www.oracle.com/security-alerts/cpuApr2021.html -~~	(MISC) https://www.oracle.com/security-alerts/cpuApr2021.html - Patch, Third Party Advisory
References	~~(MLIST) https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe@%3Cusers.kafka.apache.org%3E -~~	(MLIST) https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe@%3Cusers.kafka.apache.org%3E - Mailing List, Vendor Advisory
References	~~(MISC) https://www.oracle.com/security-alerts/cpuoct2021.html -~~	(MISC) https://www.oracle.com/security-alerts/cpuoct2021.html - Patch, Third Party Advisory
References	~~(MLIST) https://lists.apache.org/thread.html/r45916179811a32cbaa500f972de9098e6ee80ee81c7f134fce83e03a@%3Cissues.flink.apache.org%3E -~~	(MLIST) https://lists.apache.org/thread.html/r45916179811a32cbaa500f972de9098e6ee80ee81c7f134fce83e03a@%3Cissues.flink.apache.org%3E - Mailing List, Vendor Advisory

20 Oct 2021, 11:15

Type	Values Removed	Values Added
References		(MISC) https://www.oracle.com/security-alerts/cpuoct2021.html -

17 Jun 2021, 20:15

Type	Values Removed	Values Added
References		(MLIST) https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe@%3Cusers.kafka.apache.org%3E -

14 Jun 2021, 18:15

Type	Values Removed	Values Added
References		(MISC) https://www.oracle.com/security-alerts/cpuApr2021.html -

Information

Published : 2020-04-27 16:15

Updated : 2024-11-21 05:40

NVD link : CVE-2020-9488

Mitre link : CVE-2020-9488

CVE.ORG link : CVE-2020-9488

JSON object : View

Products Affected

oracle

primavera_unifier
insurance_policy_administration_j2ee
insurance_insbridge_rating_and_underwriting
communications_services_gatekeeper
data_integrator
insurance_rules_palette
retail_order_broker_cloud_service
retail_advanced_inventory_planning
utilities_framework
siebel_apps_-_marketing
financial_services_institutional_performance_analytics
financial_services_market_risk_measurement_and_management
policy_automation_for_mobile_devices
jd_edwards_world_security
oracle_goldengate_application_adapters
retail_eftlink
policy_automation_connector_for_siebel
financial_services_analytical_applications_infrastructure
peoplesoft_enterprise_peopletools
enterprise_manager_for_peoplesoft
retail_bulk_data_integration
health_sciences_information_manager
communications_unified_inventory_management
storagetek_acsls
communications_application_session_controller
spatial_and_graph
communications_offline_mediation_controller
communications_billing_and_revenue_management
communications_eagle_ftp_table_base_retrieval
retail_integration_bus
retail_assortment_planning
flexcube_core_banking
retail_predictive_application_server
siebel_ui_framework
policy_automation
flexcube_private_banking
storagetek_tape_analytics_sw_tool
retail_customer_management_and_segmentation_foundation
retail_insights_cloud_service_suite
financial_services_price_creation_and_discovery
weblogic_server
retail_xstore_point_of_service
financial_services_retail_customer_analytics

apache

log4j

debian

debian_linux

qos

reload4j

CWE

CWE-295

Improper Certificate Validation

3.7 /10

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2020-9488

3.7^/10

4.3^/10

Attach tags to `CVE-2020-9488`