Vulnerability Name: CVE-2020-9488 (CCN-180824)
Assigned: 2020-04-25
Published: 2020-04-25
Updated: 2022-05-12
Summary: Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1.

CVSS v3 Severity:
3.7 Low (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
3.2 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network; Attack Complexity (AC): High; Privileges Required (PR): None; User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low; Integrity (I): None; Availability (A): None

3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
3.2 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network; Attack Complexity (AC): High; Privileges Required (PR): None; User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low; Integrity (I): None; Availability (A): None

CVSS v2 Severity:
4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
Exploitability Metrics: Access Vector (AV): Network; Access Complexity (AC): Medium; Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial; Integrity (I): None; Availability (A): None

2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N)
Exploitability Metrics: Access Vector (AV): Network; Access Complexity (AC): High; Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial; Integrity (I): None; Availability (A): None
Vulnerability Type: CWE-295
Vulnerability Consequences: Obtain Information

References:
Source: MITRE | Type: CNA | CVE-2020-9488
Source: XF | Type: UNKNOWN | apache-cve20209488-mitm(180824)
Source: CONFIRM | Type: Issue Tracking, Mitigation, Patch, Vendor Advisory | https://issues.apache.org/jira/browse/LOG4J2-2819
Source: MLIST | Type: Mailing List, Vendor Advisory | [kafka-jira] 20200514 [jira] [Created] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488
Source: MLIST | Type: Mailing List, Vendor Advisory | [zookeeper-dev] 20200504 log4j SmtpAppender related CVE
Source: MLIST | Type: Mailing List, Vendor Advisory | [hive-issues] 20201207 [jira] [Work started] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488
Source: MLIST | Type: Mailing List, Vendor Advisory | [hive-issues] 20210216 [jira] [Resolved] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488
Source: MLIST | Type: Mailing List, Vendor Advisory | [kafka-users] 20210617 vulnerabilities
Source: MLIST | Type: Mailing List, Vendor Advisory | [zookeeper-dev] 20200504 [jira] [Created] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488
Source: MLIST | Type: Mailing List, Vendor Advisory | [hive-issues] 20210209 [jira] [Resolved] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488
Source: MLIST | Type: Mailing List, Vendor Advisory | [db-torque-dev] 20200715 Build failed in Jenkins: Torque4-trunk #685
Source: MLIST | Type: Issue Tracking, Mailing List, Vendor Advisory | [hive-issues] 20210125 [jira] [Work logged] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488
Source: MLIST | Type: Mailing List, Vendor Advisory | [zookeeper-issues] 20200504 [jira] [Commented] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488
Source: MLIST | Type: Mailing List, Vendor Advisory | [flink-issues] 20210510 [GitHub] [flink] zentol opened a new pull request #15879: [FLINK-22407][build] Bump log4j to 2.24.1
Source: MLIST | Type: Mailing List, Vendor Advisory | [kafka-jira] 20200515 [jira] [Commented] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488
Source: MLIST | Type: Mailing List, Patch, Vendor Advisory | [zookeeper-commits] 20200504 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488
Source: MLIST | Type: Mailing List, Vendor Advisory | [hive-dev] 20210216 [jira] [Created] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488
Source: MLIST | Type: Mailing List, Vendor Advisory | [hive-dev] 20201207 [jira] [Created] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488
Source: MLIST | Type: Mailing List, Vendor Advisory | [hive-issues] 20201207 [jira] [Updated] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488
Source: MLIST | Type: Mailing List, Vendor Advisory | [hive-issues] 20210216 [jira] [Assigned] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488
Source: MLIST | Type: Mailing List, Vendor Advisory | [hive-issues] 20201208 [jira] [Updated] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488
Source: MLIST | Type: Mailing List, Vendor Advisory | [zookeeper-notifications] 20200504 Build failed in Jenkins: zookeeper-master-maven-owasp #489
Source: MLIST | Type: Mailing List, Vendor Advisory | [kafka-dev] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities
Source: MLIST | Type: Mailing List, Vendor Advisory | [zookeeper-notifications] 20200504 [GitHub] [zookeeper] symat opened a new pull request #1346: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488
Source: MLIST | Type: Mailing List, Vendor Advisory | [zookeeper-issues] 20200504 [jira] [Created] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488
Source: MLIST | Type: Mailing List, Vendor Advisory | [kafka-jira] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities
Source: MLIST | Type: Mailing List, Vendor Advisory | [hive-issues] 20201208 [jira] [Work logged] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488
Source: MLIST | Type: Mailing List, Vendor Advisory | [zookeeper-issues] 20200504 [jira] [Updated] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488
Source: MLIST | Type: Mailing List, Vendor Advisory | [hive-issues] 20210218 [jira] [Updated] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488
Source: MLIST | Type: Mailing List, Vendor Advisory | [hive-issues] 20201207 [jira] [Assigned] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488
Source: MLIST | Type: Mailing List, Patch, Vendor Advisory | [zookeeper-commits] 20200504 [zookeeper] branch master updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488
Source: MISC | Type: Mailing List, Vendor Advisory | https://lists.apache.org/thread.html/rbc7642b9800249553f13457e46b813bea1aec99d2bc9106510e00ff3@%3Ctorque-dev.db.apache.org%3E
Source: MLIST | Type: Mailing List, Vendor Advisory | [db-torque-dev] 20210127 Re: Items for our (delayed) quarterly report to the board?
Source: MLIST | Type: Mailing List, Vendor Advisory | [zookeeper-notifications] 20200504 [GitHub] [zookeeper] symat commented on pull request #1346: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488
Source: MLIST | Type: Mailing List, Vendor Advisory | [pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list
Source: MLIST | Type: Mailing List, Vendor Advisory | [zookeeper-issues] 20200504 [jira] [Resolved] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488
Source: MLIST | Type: Mailing List, Vendor Advisory | [db-torque-dev] 20210128 Antwort: Re: Items for our (delayed) quarterly report to the board?
Source: MLIST | Type: Mailing List, Vendor Advisory | [zookeeper-issues] 20200504 [jira] [Assigned] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488
Source: MISC | Type: Mailing List, Vendor Advisory | https://lists.apache.org/thread.html/re024d86dffa72ad800f2848d0c77ed93f0b78ee808350b477a6ed987@%3Cgitbox.hive.apache.org%3E
Source: MLIST | Type: Mailing List, Patch, Vendor Advisory | [zookeeper-commits] 20200504 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488
Source: MLIST | Type: Mailing List, Vendor Advisory | [kafka-dev] 20200514 [jira] [Created] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488
Source: MLIST | Type: Mailing List, Vendor Advisory | [mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar
Source: MLIST | Type: Mailing List, Third Party Advisory | [debian-lts-announce] 20211226 [SECURITY] [DLA 2852-1] apache-log4j2 security update
Source: CCN | Type: Apache Log4j Web site | Apache Log4j
Source: CCN | Type: oss-sec Mailing List, Sat, 25 Apr 2020 11:44:29 -0500 | [CVE-2020-9488] Improper validation of certificate with host mismatch in Apache Log4j SMTP appender
Source: CONFIRM | Type: Third Party Advisory | https://security.netapp.com/advisory/ntap-20200504-0003/
Source: DEBIAN | Type: Third Party Advisory | DSA-5020
Source: CCN | Type: IBM Security Bulletin 6320051 (Security Guardium Insights) | IBM Security Guardium Insights is affected by a components with known vulnerabilities
Source: CCN | Type: IBM Security Bulletin 6324741 (Security Guardium Insights) | IBM Security Guardium Insights is affected by Components with known vulnerabilities
Source: CCN | Type: IBM Security Bulletin 6364963 (Watson Discovery) | IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache Log4j
Source: CCN | Type: IBM Security Bulletin 6371652 (Spectrum Protect) | Vulnerabilities in Apache Commons and Log4j affect IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect for Virtual Environments
Source: CCN | Type: IBM Security Bulletin 6403812 (MaaS360 Cloud Extender) | A vulnerability was identified and remediated in the IBM MaaS360 Cloud Extender (CVE-2020-9488)
Source: CCN | Type: IBM Security Bulletin 6405944 (Spectrum Protect Snapshot for VMware) | Vulnerabilities in IBM WebSphere Application Server Liberty, IBM Java Runtime, Log4j, and Apache Commons affect IBM Spectrum Protect Snapshot for VMware
Source: CCN | Type: IBM Security Bulletin 6416393 (Spectrum Conductor) | Multiple vulnerability issues affect IBM Spectrum Conductor 2.5.0
Source: CCN | Type: IBM Security Bulletin 6466365 (DB2 for Linux, UNIX and Windows) | Multiple vulnerabilities in dependent libraries affect IBM Db2 leading to denial of service or privilege escalation.
Source: CCN | Type: IBM Security Bulletin 6469893 (Control Center) | Apache Log4j Vulnerability Affects IBM Control Center (CVE-2020-9488)
Source: CCN | Type: IBM Security Bulletin 6479907 (Disconnected Log Collector) | IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities
Source: CCN | Type: IBM Security Bulletin 6496741 (Sterling B2B Integrator) | Apache Log4j Vulnerabilities Affect IBM Sterling B2B Integrator
Source: CCN | Type: IBM Security Bulletin 6519488 (Curam Social Program Management) | Vulnerability in Apache Log4j may affect Curam Social Program Management (CVE-2020-9488)
Source: CCN | Type: IBM Security Bulletin 6524700 (Planning Analytics Workspace) | IBM Planning Analytics Workspace is affected by security vulnerabilities
Source: CCN | Type: IBM Security Bulletin 6574453 (QRadar SIEM) | IBM QRadar SIEM is vulnerable to using components with known vulnerabilities (CVE-2022-22345, CVE-2020-8022, CVE-2021-33813, CVE-2020-9488)
Source: CCN | Type: IBM Security Bulletin 6605839 (Security Verify Governance) | Multiple security vulnerabilities found in open source code that is shipped with IBM Security Verify Governance, Identity Manager virtual appliance component
Source: CCN | Type: IBM Security Bulletin 6606255 (Log Analysis) | Vulnerabilities from log4j affect IBM Operations Analytics - Log Analysis (CVE-2019-17571, CVE-2020-9488)
Source: CCN | Type: IBM Security Bulletin 6606605 (Log Analysis) | Multiple vulnerabilities in log4j-1.2.16.jar used by IBM Operations Analytics - Log Analysis
Source: CCN | Type: IBM Security Bulletin 6610084 (Data Risk Manager) | IBM Data Risk Manager is affected by multiple vulnerabilities including remote code execution in Apache Log4j 1.x
Source: CCN | Type: IBM Security Bulletin 6829357 (InfoSphere Information Server) | IBM InfoSphere Information Server may be affected by vulnerabilities in Apache log4j 1.x version
Source: CCN | Type: IBM Security Bulletin 6830971 (Sterling Order Management) | IBM Sterling Order Management migration strategy to Apache Log4j vulnerability (see CVEs below)
Source: CCN | Type: IBM Security Bulletin 6848225 (Netcool Operations Insight) | Netcool Operations Insight v1.6.7 contains fixes for multiple security vulnerabilities.
Source: CCN | Type: IBM Security Bulletin 6986329 (Cloud Pak for Watson AIOps) | Multiple Vulnerabilities in CloudPak for Watson AIOPs
Source: CCN | Type: Oracle Critical Patch Update Advisory - April 2021 | Oracle Critical Patch Update Advisory - April 2021
Source: MISC | Type: Patch, Third Party Advisory | https://www.oracle.com/security-alerts/cpuApr2021.html
Source: CCN | Type: Oracle CPUApr2022 | Oracle Critical Patch Update Advisory - April 2022
Source: MISC | Type: Patch, Third Party Advisory | https://www.oracle.com/security-alerts/cpuapr2022.html
Source: CCN | Type: Oracle CPUJan2021 | Oracle Critical Patch Update Advisory - January 2021
Source: MISC | Type: Third Party Advisory | https://www.oracle.com/security-alerts/cpujan2021.html
Source: CCN | Type: Oracle CPUJul2020 | Oracle Critical Patch Update Advisory - July 2020
Source: MISC | Type: Third Party Advisory | https://www.oracle.com/security-alerts/cpujul2020.html
Source: CCN | Type: Oracle CPUOct2020 | Oracle Critical Patch Update Advisory - October 2020
Source: MISC | Type: Third Party Advisory | https://www.oracle.com/security-alerts/cpuoct2020.html
Source: CCN | Type: Oracle CPUOct2021 | Oracle Critical Patch Update Advisory - October 2021
Source: MISC | Type: Patch, Third Party Advisory | https://www.oracle.com/security-alerts/cpuoct2021.html
Source: CCN | Type: WhiteSource Vulnerability Database | CVE-2020-9488

Vulnerable Configuration:
Configuration 1: cpe:/a:apache:log4j:*:*:*:*:*:*:*:* (Version >= 2.4 and < 2.12.3) OR cpe:/a:apache:log4j:*:*:*:*:*:*:*:* (Version >= 2.13.0 and < 2.13.2) OR cpe:/a:apache:log4j:*:*:*:*:*:*:*:* (Version >= 2.0 and < 2.3.2)
Configuration 2: cpe:/a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_integration_bus:14.1:*:*:*:*:*:*:* OR cpe:/a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:* OR cpe:/a:oracle:flexcube_core_banking:5.2.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:* OR cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:* OR cpe:/a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:* OR cpe:/a:oracle:utilities_framework:4.2.0.3.0:*:*:*:*:*:*:* OR cpe:/a:oracle:utilities_framework:4.2.0.2.0:*:*:*:*:*:*:* OR cpe:/a:oracle:utilities_framework:2.2.0.0.0:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:* OR cpe:/a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:* OR cpe:/a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* (Version >= 8.0.6.0.0 and <= 8.1.0.0.0) OR cpe:/a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:* OR cpe:/a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:* OR cpe:/a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:* OR cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:* OR cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:* OR
cpe:/a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:* OR cpe:/a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:* OR cpe:/a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_customer_management_and_segmentation_foundation:16.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_customer_management_and_segmentation_foundation:17.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:* OR cpe:/a:oracle:utilities_framework:*:*:*:*:*:*:*:* (Version >= 4.3.0.1.0 and <= 4.3.0.6.0) OR cpe:/a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:* OR cpe:/a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_application_session_controller:3.9m0p1:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_unified_inventory_management:7.3.0:*:*:*:*:*:*:* OR cpe:/a:oracle:enterprise_manager_for_peoplesoft:13.4.1.1:*:*:*:*:*:*:* OR cpe:/a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:* OR cpe:/a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:* OR cpe:/a:oracle:financial_services_institutional_performance_analytics:8.7.0:*:*:*:*:*:*:* OR cpe:/a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:* OR cpe:/a:oracle:financial_services_market_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:* OR cpe:/a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:* OR cpe:/a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:* OR cpe:/a:oracle:flexcube_core_banking:*:*:*:*:*:*:*:* (Version >= 11.5.0 and <= 11.7.0) OR 
cpe:/a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:* (Version >= 5.0.0.0 and <= 5.6.0.0) OR cpe:/a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_policy_administration_j2ee:10.2.0.37:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_policy_administration_j2ee:10.2.4.12:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_policy_administration_j2ee:11.0.2.25:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_policy_administration_j2ee:11.1.0.15:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_rules_palette:10.2.0.37:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_rules_palette:10.2.4.12:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_rules_palette:11.0.2.25:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_rules_palette:11.1.0.15:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_rules_palette:11.2.0.26:*:*:*:*:*:*:* OR cpe:/a:oracle:policy_automation:*:*:*:*:*:*:*:* (Version >= 12.2.0 and <= 12.2.20) OR cpe:/a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:* (Version >= 12.2.0 and <= 12.2.20) OR cpe:/a:oracle:retail_advanced_inventory_planning:14.1:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_assortment_planning:15.0.3.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_assortment_planning:16.0.3.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_bulk_data_integration:15.0.3.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_bulk_data_integration:16.0.3.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_order_broker_cloud_service:16.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_order_broker_cloud_service:18.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_order_broker_cloud_service:19.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_order_broker_cloud_service:19.1:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_order_broker_cloud_service:19.3:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_predictive_application_server:14.1.3.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_predictive_application_server:15.0.3.0:*:*:*:*:*:*:* OR cpe:/a:oracle:spatial_and_graph:18c:*:*:*:*:*:*:* OR cpe:/a:oracle:spatial_and_graph:19c:*:*:*:*:*:*:* OR 
cpe:/a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:* OR cpe:/a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:* OR cpe:/a:oracle:health_sciences_information_manager:3.0.1:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_policy_administration_j2ee:11.2.0.26:*:*:*:*:*:*:* OR cpe:/a:oracle:oracle_goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_eftlink:15.0.2:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_eftlink:16.0.3:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_eftlink:17.0.2:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_eftlink:18.0.1:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_eftlink:19.0.1:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_insights_cloud_service_suite:19.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_order_broker_cloud_service:19.2:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_xstore_point_of_service:15.0.4:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:* OR cpe:/a:oracle:siebel_apps_-_marketing:*:*:*:*:*:*:*:* (Version <= 21.9) OR cpe:/a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:* (Version <= 21.2) OR cpe:/a:oracle:spatial_and_graph:12.2.0.1:*:*:*:*:*:*:* OR cpe:/a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:* OR cpe:/a:oracle:storagetek_tape_analytics_sw_tool:2.3.1:*:*:*:*:*:*:* Configuration 3 :cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:* OR cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:* OR cpe:/o:debian:debian_linux:11.0:*:*:*:*:*:*:* Configuration 4 :cpe:/a:qos:reload4j:*:*:*:*:*:*:*:* (Version < 1.2.18.3)Configuration CCN 1 :cpe:/a:apache:log4j:2.13.1:-:*:*:*:*:*:* AND cpe:/a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:spectrum_protect:7.1:*:*:*:*:*:*:* 
OR cpe:/a:ibm:db2:11.1:*:*:*:*:linux:*:* OR cpe:/a:ibm:db2:11.1:*:*:*:*:unix:*:* OR cpe:/a:ibm:db2:11.1:*:*:*:*:windows:*:* OR cpe:/a:ibm:spectrum_protect:8.1:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_order_broker_cloud_service:16.0:*:*:*:*:*:*:* OR cpe:/a:oracle:flexcube_investor_servicing:12.1.0:*:*:*:*:*:*:* OR cpe:/a:oracle:flexcube_investor_servicing:12.3.0:*:*:*:*:*:*:* OR cpe:/a:oracle:flexcube_core_banking:5.2.0:*:*:*:*:*:*:* OR cpe:/a:oracle:flexcube_private_banking:12.0:*:*:*:*:*:*:* OR cpe:/a:oracle:flexcube_private_banking:12.1:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_store_inventory_management:14.0.4:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_store_inventory_management:14.1.3:*:*:*:*:*:*:* OR cpe:/a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:* OR cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_advanced_inventory_planning:14.1:*:*:*:*:*:*:* OR cpe:/a:oracle:utilities_framework:2.2.0.0.0:*:*:*:*:*:*:* OR cpe:/a:oracle:utilities_framework:4.2.0.2.0:*:*:*:*:*:*:* OR cpe:/a:oracle:utilities_framework:4.2.0.3.0:*:*:*:*:*:*:* OR cpe:/a:oracle:utilities_framework:4.3.0.3.0:*:*:*:*:*:*:* OR cpe:/a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_customer_management_and_segmentation_foundation:16.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_eftlink:15.0.2:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_eftlink:16.0.3:*:*:*:*:*:*:* OR cpe:/a:oracle:flexcube_investor_servicing:12.4.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_financial_integration:15.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_financial_integration:16.0:*:*:*:*:*:*:* OR cpe:/a:oracle:fusion_middleware_mapviewer:12.2.1.3:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_customer_management_and_segmentation_foundation:17.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_integration_bus:14.1:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:* OR 
cpe:/a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:* OR cpe:/a:oracle:spatial_and_graph:12.2.0.1:*:*:*:*:*:*:* OR cpe:/a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:* OR cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:* OR cpe:/a:oracle:flexcube_investor_servicing:14.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:sterling_b2b_integrator:5.2.0.0:*:*:*:*:*:*:* OR cpe:/a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:* OR cpe:/a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:* OR cpe:/a:oracle:spatial_and_graph:18c:*:*:*:*:*:*:* OR cpe:/a:oracle:flexcube_investor_servicing:14.1.0:*:*:*:*:*:*:* OR cpe:/a:ibm:watson_discovery:2.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.3.3:-:*:*:*:*:*:* OR cpe:/a:ibm:spectrum_protect_snapshot:4.1.0.0:*:*:*:*:vmware:*:* OR cpe:/a:ibm:spectrum_protect:7.1.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:spectrum_protect:8.1.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:db2:11.5:*:*:*:*:linux:*:* OR cpe:/a:ibm:db2:11.5:*:*:*:*:unix:*:* OR cpe:/a:ibm:db2:11.5:*:*:*:*:windows:*:* OR cpe:/a:ibm:security_guardium_insights:2.0.1:*:*:*:*:*:*:* OR cpe:/a:ibm:watson_discovery:2.1.4:*:*:*:*:*:*:* OR cpe:/a:ibm:control_center:6.2.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.4.3:-:*:*:*:*:*:* OR cpe:/a:ibm:curam_social_program_management:8.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:planning_analytics_workspace:2.0:*:*:*:*:*:*:* OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:*