CVE-2020-9488
Severity
3.7LOW
EPSS
0.0%
top 91.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedApr 27
Latest updateApr 15
Description
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.2 | Impact: 1.4
Affected Packages48 packages
Also affects: Debian Linux 10.0, 11.0, 9.0
Patches
🔴Vulnerability Details
4💥Exploits & PoCs
1📋Vendor Advisories
9Oracle▶
Oracle Oracle JD Edwards Risk Matrix: World Software Security (Apache Log4j) — CVE-2020-9488↗2021-04-15
Oracle▶
Oracle Oracle Fusion Middleware Risk Matrix: Install, config, upgrade (Apache Log4j) — CVE-2020-9488↗2021-01-15
Oracle▶
Oracle Oracle Communications Applications Risk Matrix: Billing Operation Center and Oracle Communication Billing Care (Apache Log4j) — CVE-2020-9488↗2020-10-15
💬Community
3Bugzilla▶
CVE-2020-9488 log4j12: log4j: improper validation of certificate with host mismatch in SMTP appender [fedora-all]↗2020-05-04
Bugzilla▶
CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender [fedora-all]↗2020-05-04
Bugzilla▶
CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender↗2020-05-04