Mageni Mageni Security LLC

Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

CVE-2020-9488

CVE information

Published

3 years ago

Last Modified

5 months ago

CVSSv2.0 Severity

Medium

CVSSv3.1 Severity

Low

Impact Analysis

Share

Description

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1.

CVSSv2.0 Score

Severity
Medium
Base Score
4.3/10
Exploit Score
8.6/10
Access Vector
Network
Access Complexity
Medium
Authentication Required
None
Impact Score
2.9/10
Confidentiality Impact
Partial
Availability Impact
None
Integrity Impact
None

CVSSv3.1 Score

Severity
Low
Base Score
3.7/10
Exploit Score
2.2/10
Access Vector
Network
Access Complexity
High
Privileges Required
None
Impact Score
1.4/10
Confidentiality Impact
Low
Availability Impact
None
Integrity Impact
None
Scope
Unchanged
User Interaction
None

Products Affected

CPE Affected Vulnerable Excluding Edit
cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*
  Yes
2.4 2.12.3
cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*
  Yes
2.13.0 2.13.2
cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*
  Yes
2.0 2.3.2
cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:retail_integration_bus:14.1:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:flexcube_core_banking:5.2.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:
  Yes
- -
cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:utilities_framework:4.2.0.3.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:utilities_framework:4.2.0.2.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:utilities_framework:2.2.0.0.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:
  Yes
- -
cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:retail_customer_management_and_segmentation
  Yes
- -
cpe:2.3:a:oracle:retail_customer_management_and_segmentation
  Yes
- -
cpe:2.3:a:oracle:retail_customer_management_and_segmentation
  Yes
- -
cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4
  Yes
- -
cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:
  Yes
- -
cpe:2.3:a:oracle:financial_services_market_risk_measurement_
  Yes
- -
cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:communications_unified_inventory_management
  Yes
- -
cpe:2.3:a:oracle:financial_services_price_creation_and_disco
  Yes
- -
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:
  Yes
- -
cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:financial_services_analytical_applications_
  Yes
8.0.6.0.0 -
cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*
  Yes
4.3.0.1.0 -
cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:retail_customer_management_and_segmentation
  Yes
- -
cpe:2.3:a:oracle:communications_billing_and_revenue_manageme
  Yes
- -
cpe:2.3:a:oracle:communications_billing_and_revenue_manageme
  Yes
- -
cpe:2.3:a:oracle:financial_services_price_creation_and_disco
  Yes
- -
cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*
  Yes
12.2.0 -
cpe:2.3:a:oracle:financial_services_institutional_performanc
  Yes
- -
cpe:2.3:a:oracle:financial_services_institutional_performanc
  Yes
- -
cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting
  Yes
5.0.0.0 -
cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:
  Yes
12.2.0 -
cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting
  Yes
- -
cpe:2.3:a:oracle:financial_services_market_risk_measurement_
  Yes
- -
cpe:2.3:a:oracle:communications_unified_inventory_management
  Yes
- -
cpe:2.3:a:oracle:retail_order_broker_cloud_service:19.0:*:*:
  Yes
- -
cpe:2.3:a:oracle:retail_assortment_planning:15.0.3.0:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:financial_services_institutional_performanc
  Yes
- -
cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2
  Yes
- -
cpe:2.3:a:oracle:retail_advanced_inventory_planning:14.1:*:*
  Yes
- -
cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3
  Yes
- -
cpe:2.3:a:oracle:spatial_and_graph:18c:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:retail_order_broker_cloud_service:16.0:*:*:
  Yes
- -
cpe:2.3:a:oracle:flexcube_core_banking:*:*:*:*:*:*:*:*
  Yes
11.5.0 -
cpe:2.3:a:oracle:financial_services_market_risk_measurement_
  Yes
- -
cpe:2.3:a:oracle:insurance_rules_palette:11.2.0.26:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:spatial_and_graph:19c:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:communications_offline_mediation_controller
  Yes
- -
cpe:2.3:a:oracle:insurance_rules_palette:10.2.0.37:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.4.1.1:
  Yes
- -
cpe:2.3:a:oracle:insurance_rules_palette:11.1.0.15:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:retail_bulk_data_integration:15.0.3.0:*:*:*
  Yes
- -
cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.4
  Yes
- -
cpe:2.3:a:oracle:retail_bulk_data_integration:16.0.3.0:*:*:*
  Yes
- -
cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.0
  Yes
- -
cpe:2.3:a:oracle:retail_order_broker_cloud_service:19.3:*:*:
  Yes
- -
cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3
  Yes
- -
cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0
  Yes
- -
cpe:2.3:a:oracle:insurance_rules_palette:11.0.2.25:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:retail_order_broker_cloud_service:19.1:*:*:
  Yes
- -
cpe:2.3:a:oracle:insurance_rules_palette:10.2.4.12:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:retail_order_broker_cloud_service:18.0:*:*:
  Yes
- -
cpe:2.3:a:oracle:retail_assortment_planning:16.0.3.0:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:communications_application_session_controll
  Yes
- -
cpe:2.3:a:oracle:financial_services_retail_customer_analytic
  Yes
- -
cpe:2.3:a:oracle:spatial_and_graph:12.2.0.1:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.2.0
  Yes
- -
cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3
  Yes
- -
cpe:2.3:a:oracle:retail_order_broker_cloud_service:19.2:*:*:
  Yes
- -
cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:
  Yes
- -
cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.1:*:*
  Yes
- -
cpe:2.3:a:oracle:health_sciences_information_manager:3.0.1:*
  Yes
- -
cpe:2.3:a:oracle:oracle_goldengate_application_adapters:19.1
  Yes
- -
cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*
  Yes
- -
cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*
  Yes
- -
cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*
  Yes
- -
cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*
  Yes
- -
cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.4:*:*:*
  Yes
- -
cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:retail_insights_cloud_service_suite:19.0:*:
  Yes
- -
cpe:2.3:a:oracle:retail_eftlink:16.0.3:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:retail_eftlink:17.0.2:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:retail_eftlink:18.0.1:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:retail_eftlink:19.0.1:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:retail_eftlink:15.0.2:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:siebel_apps_-_marketing:*:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retriev
  Yes
- -
cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:qos:reload4j:*:*:*:*:*:*:*:*
  Yes
- 1.2.18.3

References