CVE-2020-9488
27.04.2020, 16:15
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1Enginsight
| Vendor | Product | Version |
|---|---|---|
| apache | log4j | 2.0 ≤ 𝑥 < 2.3.2 |
| apache | log4j | 2.4 ≤ 𝑥 < 2.12.3 |
| apache | log4j | 2.13.0 ≤ 𝑥 < 2.13.2 |
| oracle | communications_application_session_controller | 3.9m0p1:m0p1 |
| oracle | communications_billing_and_revenue_management | 7.5.0.23.0 |
| oracle | communications_billing_and_revenue_management | 12.0.0.3.0 |
| oracle | communications_eagle_ftp_table_base_retrieval | 4.5 |
| oracle | communications_offline_mediation_controller | 12.0.0.3.0 |
| oracle | communications_services_gatekeeper | 7.0 |
| oracle | communications_unified_inventory_management | 7.3.0 |
| oracle | communications_unified_inventory_management | 7.4.0 |
| oracle | data_integrator | 12.2.1.3.0 |
| oracle | data_integrator | 12.2.1.4.0 |
| oracle | enterprise_manager_for_peoplesoft | 13.4.1.1 |
| oracle | financial_services_analytical_applications_infrastructure | 8.0.6.0.0 ≤ 𝑥 ≤ 8.1.0.0.0 |
| oracle | financial_services_institutional_performance_analytics | 8.0.6 |
| oracle | financial_services_institutional_performance_analytics | 8.1.0 |
| oracle | financial_services_institutional_performance_analytics | 8.7.0 |
| oracle | financial_services_market_risk_measurement_and_management | 8.0.6 |
| oracle | financial_services_market_risk_measurement_and_management | 8.0.8 |
| oracle | financial_services_market_risk_measurement_and_management | 8.1.0 |
| oracle | financial_services_price_creation_and_discovery | 8.0.6 |
| oracle | financial_services_price_creation_and_discovery | 8.0.7 |
| oracle | financial_services_retail_customer_analytics | 8.0.6 |
| oracle | flexcube_core_banking | 11.5.0 ≤ 𝑥 ≤ 11.7.0 |
| oracle | flexcube_core_banking | 5.2.0 |
| oracle | flexcube_private_banking | 12.0.0 |
| oracle | flexcube_private_banking | 12.1.0 |
| oracle | health_sciences_information_manager | 3.0.1 |
| oracle | insurance_insbridge_rating_and_underwriting | 5.0.0.0 ≤ 𝑥 ≤ 5.6.0.0 |
| oracle | insurance_insbridge_rating_and_underwriting | 5.6.1.0 |
| oracle | insurance_policy_administration_j2ee | 10.2.0.37 |
| oracle | insurance_policy_administration_j2ee | 10.2.4.12 |
| oracle | insurance_policy_administration_j2ee | 11.0.2.25 |
| oracle | insurance_policy_administration_j2ee | 11.1.0.15 |
| oracle | insurance_policy_administration_j2ee | 11.2.0.26 |
| oracle | insurance_rules_palette | 10.2.0.37 |
| oracle | insurance_rules_palette | 10.2.4.12 |
| oracle | insurance_rules_palette | 11.0.2.25 |
| oracle | insurance_rules_palette | 11.1.0.15 |
| oracle | insurance_rules_palette | 11.2.0.26 |
| oracle | oracle_goldengate_application_adapters | 19.1.0.0.0 |
| oracle | peoplesoft_enterprise_peopletools | 8.56 |
| oracle | peoplesoft_enterprise_peopletools | 8.57 |
| oracle | peoplesoft_enterprise_peopletools | 8.58 |
| oracle | policy_automation | 12.2.0 ≤ 𝑥 ≤ 12.2.20 |
| oracle | policy_automation_connector_for_siebel | 10.4.6 |
| oracle | policy_automation_for_mobile_devices | 12.2.0 ≤ 𝑥 ≤ 12.2.20 |
| oracle | primavera_unifier | 18.8 |
| oracle | primavera_unifier | 19.12 |
| oracle | retail_advanced_inventory_planning | 14.1 |
| oracle | retail_assortment_planning | 15.0.3.0 |
| oracle | retail_assortment_planning | 16.0.3.0 |
| oracle | retail_bulk_data_integration | 15.0.3.0 |
| oracle | retail_bulk_data_integration | 16.0.3.0 |
| oracle | retail_customer_management_and_segmentation_foundation | 16.0 |
| oracle | retail_customer_management_and_segmentation_foundation | 17.0 |
| oracle | retail_customer_management_and_segmentation_foundation | 18.0 |
| oracle | retail_customer_management_and_segmentation_foundation | 19.0 |
| oracle | retail_eftlink | 15.0.2 |
| oracle | retail_eftlink | 16.0.3 |
| oracle | retail_eftlink | 17.0.2 |
| oracle | retail_eftlink | 18.0.1 |
| oracle | retail_eftlink | 19.0.1 |
| oracle | retail_insights_cloud_service_suite | 19.0 |
| oracle | retail_integration_bus | 14.1 |
| oracle | retail_integration_bus | 15.0 |
| oracle | retail_integration_bus | 16.0 |
| oracle | retail_order_broker_cloud_service | 16.0 |
| oracle | retail_order_broker_cloud_service | 18.0 |
| oracle | retail_order_broker_cloud_service | 19.0 |
| oracle | retail_order_broker_cloud_service | 19.1 |
| oracle | retail_order_broker_cloud_service | 19.2 |
| oracle | retail_order_broker_cloud_service | 19.3 |
| oracle | retail_predictive_application_server | 14.1.3.0 |
| oracle | retail_predictive_application_server | 15.0.3.0 |
| oracle | retail_predictive_application_server | 16.0.3.0 |
| oracle | retail_xstore_point_of_service | 15.0.4 |
| oracle | retail_xstore_point_of_service | 16.0.6 |
| oracle | retail_xstore_point_of_service | 17.0.4 |
| oracle | retail_xstore_point_of_service | 18.0.3 |
| oracle | retail_xstore_point_of_service | 19.0.2 |
| oracle | siebel_apps_-_marketing | 𝑥 ≤ 21.9 |
| oracle | siebel_ui_framework | 𝑥 ≤ 21.2 |
| oracle | spatial_and_graph | 12.2.0.1 |
| oracle | storagetek_acsls | 8.5.1 |
| oracle | storagetek_tape_analytics_sw_tool | 2.3.1 |
| oracle | utilities_framework | 4.3.0.1.0 ≤ 𝑥 ≤ 4.3.0.6.0 |
| oracle | utilities_framework | 2.2.0.0.0 |
| oracle | utilities_framework | 4.2.0.2.0 |
| oracle | utilities_framework | 4.2.0.3.0 |
| oracle | utilities_framework | 4.4.0.0.0 |
| oracle | utilities_framework | 4.4.0.2.0 |
| oracle | weblogic_server | 10.3.6.0.0 |
| debian | debian_linux | 9.0 |
| debian | debian_linux | 10.0 |
| debian | debian_linux | 11.0 |
| qos | reload4j | 𝑥 < 1.2.18.3 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Common Weakness Enumeration
References