Vulnerability Database

CVE-2020-9488

Improper validation of certificate with host mismatch in the Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack, which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1.

CVSS v3:

  • Severity: Low
  • Score: 3.7
  • AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v2:

  • Severity: Low
  • Score: 4.3
  • AV:N/AC:M/Au:N/C:P/I:N/A:N

| Software | From | Fixed in |
|---|---|---|
| apache / log4j | 2.4 | 2.12.3 |
| apache / log4j | 2.13.0 | 2.13.2 |
| apache / log4j | 2.0 | 2.3.2 |
| oracle / flexcube_private_banking | 12.1.0 | 12.1.0.x |
| oracle / retail_integration_bus | 14.1 | 14.1.x |
| oracle / flexcube_private_banking | 12.0.0 | 12.0.0.x |
| oracle / flexcube_core_banking | 5.2.0 | 5.2.0.x |
| oracle / retail_integration_bus | 15.0 | 15.0.x |
| oracle / peoplesoft_enterprise_peopletools | 8.56 | 8.56.x |
| oracle / weblogic_server | 10.3.6.0.0 | 10.3.6.0.0.x |
| oracle / utilities_framework | 4.2.0.3.0 | 4.2.0.3.0.x |
| oracle / utilities_framework | 4.2.0.2.0 | 4.2.0.2.0.x |
| oracle / utilities_framework | 2.2.0.0.0 | 2.2.0.0.0.x |
| oracle / peoplesoft_enterprise_peopletools | 8.57 | 8.57.x |
| oracle / retail_integration_bus | 16.0 | 16.0.x |
| oracle / primavera_unifier | 18.8 | 18.8.x |
| oracle / retail_customer_management_and_segmentation_foundation | 16.0 | 16.0.x |
| oracle / retail_customer_management_and_segmentation_foundation | 17.0 | 17.0.x |
| oracle / retail_customer_management_and_segmentation_foundation | 18.0 | 18.0.x |
| oracle / policy_automation_connector_for_siebel | 10.4.6 | 10.4.6.x |
| oracle / data_integrator | 12.2.1.3.0 | 12.2.1.3.0.x |
| oracle / jd_edwards_world_security | a9.4 | a9.4.x |
| oracle / financial_services_market_risk_measurement_and_management | 8.0.6 | 8.0.6.x |
| oracle / utilities_framework | 4.4.0.0.0 | 4.4.0.0.0.x |
| oracle / communications_unified_inventory_management | 7.4.0 | 7.4.0.x |
| oracle / financial_services_price_creation_and_discovery | 8.0.7 | 8.0.7.x |
| oracle / peoplesoft_enterprise_peopletools | 8.58 | 8.58.x |
| oracle / primavera_unifier | 19.12 | 19.12.x |
| oracle / financial_services_analytical_applications_infrastructure | 8.0.6.0.0 | 8.1.0.0.0.x |
| oracle / utilities_framework | 4.3.0.1.0 | 4.3.0.6.0.x |
| oracle / utilities_framework | 4.4.0.2.0 | 4.4.0.2.0.x |
| oracle / retail_customer_management_and_segmentation_foundation | 19.0 | 19.0.x |
| oracle / communications_billing_and_revenue_management | 12.0.0.3.0 | 12.0.0.3.0.x |
| oracle / communications_billing_and_revenue_management | 7.5.0.23.0 | 7.5.0.23.0.x |
| oracle / financial_services_price_creation_and_discovery | 8.0.6 | 8.0.6.x |
| oracle / policy_automation | 12.2.0 | 12.2.20.x |
| oracle / financial_services_institutional_performance_analytics | 8.1.0 | 8.1.0.x |
| oracle / financial_services_institutional_performance_analytics | 8.0.6 | 8.0.6.x |
| oracle / insurance_insbridge_rating_and_underwriting | 5.0.0.0 | 5.6.0.0.x |
| oracle / policy_automation_for_mobile_devices | 12.2.0 | 12.2.20.x |
| oracle / insurance_insbridge_rating_and_underwriting | 5.6.1.0 | 5.6.1.0.x |
| oracle / financial_services_market_risk_measurement_and_management | 8.0.8 | 8.0.8.x |
| oracle / communications_unified_inventory_management | 7.3.0 | 7.3.0.x |
| oracle / retail_order_broker_cloud_service | 19.0 | 19.0.x |
| oracle / retail_assortment_planning | 15.0.3.0 | 15.0.3.0.x |
| oracle / financial_services_institutional_performance_analytics | 8.7.0 | 8.7.0.x |
| oracle / insurance_policy_administration_j2ee | 11.0.2.25 | 11.0.2.25.x |
| oracle / retail_advanced_inventory_planning | 14.1 | 14.1.x |
| oracle / retail_predictive_application_server | 14.1.3.0 | 14.1.3.0.x |
| oracle / spatial_and_graph | 18c | 18c.x |
| oracle / retail_order_broker_cloud_service | 16.0 | 16.0.x |
| oracle / flexcube_core_banking | 11.5.0 | 11.7.0.x |
| oracle / financial_services_market_risk_measurement_and_management | 8.1.0 | 8.1.0.x |
| oracle / insurance_rules_palette | 11.2.0.26 | 11.2.0.26.x |
| oracle / spatial_and_graph | 19c | 19c.x |
| oracle / communications_offline_mediation_controller | 12.0.0.3.0 | 12.0.0.3.0.x |
| oracle / insurance_rules_palette | 10.2.0.37 | 10.2.0.37.x |
| oracle / enterprise_manager_for_peoplesoft | 13.4.1.1 | 13.4.1.1.x |
| oracle / insurance_rules_palette | 11.1.0.15 | 11.1.0.15.x |
| oracle / retail_bulk_data_integration | 15.0.3.0 | 15.0.3.0.x |
| oracle / insurance_policy_administration_j2ee | 10.2.4.12 | 10.2.4.12.x |
| oracle / retail_bulk_data_integration | 16.0.3.0 | 16.0.3.0.x |
| oracle / insurance_policy_administration_j2ee | 10.2.0.37 | 10.2.0.37.x |
| oracle / retail_order_broker_cloud_service | 19.3 | 19.3.x |
| oracle / retail_predictive_application_server | 15.0.3.0 | 15.0.3.0.x |
| oracle / insurance_policy_administration_j2ee | 11.1.0.15 | 11.1.0.15.x |
| oracle / insurance_rules_palette | 11.0.2.25 | 11.0.2.25.x |
| oracle / retail_order_broker_cloud_service | 19.1 | 19.1.x |
| oracle / insurance_rules_palette | 10.2.4.12 | 10.2.4.12.x |
| oracle / retail_order_broker_cloud_service | 18.0 | 18.0.x |
| oracle / retail_assortment_planning | 16.0.3.0 | 16.0.3.0.x |
| oracle / communications_application_session_controller | 3.9m0p1 | 3.9m0p1.x |
| oracle / financial_services_retail_customer_analytics | 8.0.6 | 8.0.6.x |
| oracle / spatial_and_graph | 12.2.0.1 | 12.2.0.1.x |
| oracle / insurance_policy_administration_j2ee | 11.2.0.26 | 11.2.0.26.x |
| oracle / retail_predictive_application_server | 16.0.3.0 | 16.0.3.0.x |
| oracle / retail_order_broker_cloud_service | 19.2 | 19.2.x |
| oracle / communications_services_gatekeeper | 7.0 | 7.0.x |
| oracle / data_integrator | 12.2.1.4.0 | 12.2.1.4.0.x |
| oracle / storagetek_tape_analytics_sw_tool | 2.3.1 | 2.3.1.x |
| oracle / health_sciences_information_manager | 3.0.1 | 3.0.1.x |
| oracle / oracle_goldengate_application_adapters | 19.1.0.0.0 | 19.1.0.0.0.x |
| oracle / retail_xstore_point_of_service | 16.0.6 | 16.0.6.x |
| oracle / retail_xstore_point_of_service | 17.0.4 | 17.0.4.x |
| oracle / retail_xstore_point_of_service | 18.0.3 | 18.0.3.x |
| oracle / retail_xstore_point_of_service | 19.0.2 | 19.0.2.x |
| oracle / retail_xstore_point_of_service | 15.0.4 | 15.0.4.x |
| oracle / siebel_ui_framework | - | 21.2.x |
| oracle / retail_insights_cloud_service_suite | 19.0 | 19.0.x |
| oracle / retail_eftlink | 16.0.3 | 16.0.3.x |
| oracle / retail_eftlink | 17.0.2 | 17.0.2.x |
| oracle / retail_eftlink | 18.0.1 | 18.0.1.x |
| oracle / retail_eftlink | 19.0.1 | 19.0.1.x |
| oracle / retail_eftlink | 15.0.2 | 15.0.2.x |
| oracle / siebel_apps_-_marketing | - | 21.9.x |
| oracle / communications_eagle_ftp_table_base_retrieval | 4.5 | 4.5.x |
| oracle / storagetek_acsls | 8.5.1 | 8.5.1.x |
| debian / debian_linux | 9.0 | 9.0.x |
| debian / debian_linux | 10.0 | 10.0.x |
| debian / debian_linux | 11.0 | 11.0.x |
| qos / reload4j | - | 1.2.18.3 |
| org.apache.logging.log4j / log4j | - | 2.13.2 |
| org.apache.logging.log4j / log4j-core | - | 2.13.2 |