CVE-2020-9488

3.7

LOW

Apache Log4j SSL (Certificate Validation) Weakness

Description

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1

INFO

Published Date :

April 27, 2020, 4:15 p.m.

Last Modified :

Nov. 7, 2023, 3:26 a.m.

Source :

[email protected]

Remotely Exploitable :

Yes !

Impact Score :

1.4

Exploitability Score :

2.2 Public PoC/Exploit Available at Github

CVE-2020-9488 has a 18 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2020-9488 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID	Vendor	Product
1	Oracle	weblogic_server
2	Oracle	peoplesoft_enterprise_peopletools
3	Oracle	siebel_ui_framework
4	Oracle	data_integrator
5	Oracle	retail_customer_management_and_segmentation_foundation
6	Oracle	primavera_unifier
7	Oracle	retail_predictive_application_server
8	Oracle	retail_bulk_data_integration
9	Oracle	retail_xstore_point_of_service
10	Oracle	communications_billing_and_revenue_management
11	Oracle	flexcube_private_banking
12	Oracle	communications_offline_mediation_controller
13	Oracle	communications_services_gatekeeper
14	Oracle	communications_unified_inventory_management
15	Oracle	insurance_policy_administration_j2ee
16	Oracle	communications_application_session_controller
17	Oracle	utilities_framework
18	Oracle	insurance_rules_palette
19	Oracle	financial_services_analytical_applications_infrastructure
20	Oracle	flexcube_core_banking
21	Oracle	policy_automation_connector_for_siebel
22	Oracle	retail_integration_bus
23	Oracle	financial_services_market_risk_measurement_and_management
24	Oracle	financial_services_price_creation_and_discovery
25	Oracle	health_sciences_information_manager
26	Oracle	insurance_insbridge_rating_and_underwriting
27	Oracle	policy_automation
28	Oracle	retail_assortment_planning
29	Oracle	retail_eftlink
30	Oracle	retail_advanced_inventory_planning
31	Oracle	storagetek_tape_analytics_sw_tool
32	Oracle	jd_edwards_world_security
33	Oracle	communications_eagle_ftp_table_base_retrieval
34	Oracle	enterprise_manager_for_peoplesoft
35	Oracle	financial_services_institutional_performance_analytics
36	Oracle	financial_services_retail_customer_analytics
37	Oracle	oracle_goldengate_application_adapters
38	Oracle	policy_automation_for_mobile_devices
39	Oracle	retail_insights_cloud_service_suite
40	Oracle	retail_order_broker_cloud_service
41	Oracle	siebel_apps_-_marketing
42	Oracle	spatial_and_graph
43	Oracle	storagetek_acsls
1	Debian	debian_linux
1	Apache	log4j
1	Qos	reload4j

: Total Affected Vendor : 4 | Products : 46

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2020-9488.

URL	Resource
https://issues.apache.org/jira/browse/LOG4J2-2819	Issue Tracking Mitigation Patch Vendor Advisory
https://lists.apache.org/thread.html/r0a2699f724156a558afd1abb6c044fb9132caa66dce861b82699722a%40%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/r0df3d7a5acb98c57e64ab9266aa21eeee1d9b399addb96f9cf1cbe05%40%3Cdev.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r1fc73f0e16ec2fa249d3ad39a5194afb9cc5afb4c023dc0bab5a5881%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r22a56beb76dd8cf18e24fda9072f1e05990f49d6439662d3782a392f%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe%40%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/r2f209d271349bafd91537a558a279c08ebcff8fa3e547357d58833e6%40%3Cdev.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r33864a0fc171c1c4bf680645ebb6d4f8057899ab294a43e1e4fe9d04%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r393943de452406f0f6f4b3def9f8d3c071f96323c1f6ed1a098f7fe4%40%3Ctorque-dev.db.apache.org%3E
https://lists.apache.org/thread.html/r3d1d00441c55144a4013adda74b051ae7864128ebcfb6ee9721a2eb3%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r4285398e5585a0456d3d9db021a4fce6e6fcf3ec027dfa13a450ec98%40%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r45916179811a32cbaa500f972de9098e6ee80ee81c7f134fce83e03a%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r48bcd06049c1779ef709564544c3d8a32ae6ee5c3b7281a606ac4463%40%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/r48efc7cb5aeb4e1f67aaa06fb4b5479a5635d12f07d0b93fc2d08809%40%3Ccommits.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r4d5dc9f3520071338d9ebc26f9f158a43ae28a91923d176b550a807b%40%3Cdev.hive.apache.org%3E
https://lists.apache.org/thread.html/r4db540cafc5d7232c62e076051ef661d37d345015b2e59b3f81a932f%40%3Cdev.hive.apache.org%3E
https://lists.apache.org/thread.html/r4ed1f49616a8603832d378cb9d13e7a8b9b27972bb46d946ccd8491f%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r5a68258e5ab12532dc179edae3d6e87037fa3b50ab9d63a90c432507%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r65578f3761a89bc164e8964acd5d913b9f8fd997967b195a89a97ca3%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r7641ee788e1eb1be4bb206a7d15f8a64ec6ef23e5ec6132d5a567695%40%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r7e5c10534ed06bf805473ac85e8412fe3908a8fa4cabf5027bf11220%40%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/r7e739f2961753af95e2a3a637828fb88bfca68e5d6b0221d483a9ee5%40%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r8c001b9a95c0bbec06f4457721edd94935a55932e64b82cc5582b846%40%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r8e96c340004b7898cad3204ea51280ef6e4b553a684e1452bf1b18b1%40%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/r9776e71e3c67c5d13a91c1eba0dc025b48b802eb7561cc6956d6961c%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r9a79175c393d14d760a0ae3731b4a873230a16ef321aa9ca48a810cd%40%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/ra051e07a0eea4943fa104247e69596f094951f51512d42c924e86c75%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/ra632b329b2ae2324fabbad5da204c4ec2e171ff60348ec4ba698fd40%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/rbc45eb0f53fd6242af3e666c2189464f848a851d408289840cecc6e3%40%3Ccommits.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rbc7642b9800249553f13457e46b813bea1aec99d2bc9106510e00ff3%40%3Ctorque-dev.db.apache.org%3E
https://lists.apache.org/thread.html/rc2dbc4633a6eea1fcbce6831876cfa17b73759a98c65326d1896cb1a%40%3Ctorque-dev.db.apache.org%3E
https://lists.apache.org/thread.html/rc6b81c013618d1de1b5d6b8c1088aaf87b4bacc10c2371f15a566701%40%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/rd55f65c6822ff235eda435d31488cfbb9aa7055cdf47481ebee777cc%40%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rd5d58088812cf8e677d99b07f73c654014c524c94e7fedbdee047604%40%3Ctorque-dev.db.apache.org%3E
https://lists.apache.org/thread.html/rd8e87c4d69df335d0ba7d815b63be8bd8a6352f429765c52eb07ddac%40%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/re024d86dffa72ad800f2848d0c77ed93f0b78ee808350b477a6ed987%40%3Cgitbox.hive.apache.org%3E
https://lists.apache.org/thread.html/rec34b1cccf907898e7cb36051ffac3ccf1ea89d0b261a2a3b3fb267f%40%3Ccommits.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rf1c2a81a08034c688b8f15cf58a4cfab322d00002ca46d20133bee20%40%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/12/msg00017.html	Mailing List Third Party Advisory
https://security.netapp.com/advisory/ntap-20200504-0003/	Third Party Advisory
https://www.debian.org/security/2021/dsa-5020	Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html	Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.html	Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html	Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html	Patch Third Party Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Dzmitry-Basiachenka/dist-foreign-aliakh

None

SCSS Mustache

Updated: 6 months ago

0 stars 0 fork 0 watcher

Born at : March 11, 2024, 8:53 a.m. This repo has been linked 52 different CVEs too.

RihanaDave/logging-log4j1-main

None

Java Perl HTML C++ CSS Raku Batchfile Roff

Updated: 6 months, 3 weeks ago

0 stars 0 fork 0 watcher

Born at : Feb. 21, 2024, 8:25 a.m. This repo has been linked 7 different CVEs too.

albert-liu435/logging-log4j-1_2_17

None

Java Perl HTML C++ CSS Batchfile Raku Roff

Updated: 1 year, 7 months ago

0 stars 0 fork 0 watcher

Born at : Jan. 17, 2023, 7:35 a.m. This repo has been linked 7 different CVEs too.

GavinStevensHoboken/log4j

None

Java Perl HTML C++ CSS Batchfile Raku Roff

Updated: 2 years, 5 months ago

0 stars 0 fork 0 watcher

Born at : April 10, 2022, 7:54 p.m. This repo has been linked 7 different CVEs too.

davejwilson/azure-spark-pools-log4j

None

Updated: 2 years, 2 months ago

1 stars 0 fork 0 watcher

Born at : Feb. 6, 2022, 6:14 p.m. This repo has been linked 9 different CVEs too.

gumimin/dependency-check-sample

None

Kotlin HTML

Updated: 2 years, 7 months ago

0 stars 0 fork 0 watcher

Born at : Jan. 30, 2022, 12:56 p.m. This repo has been linked 6 different CVEs too.

Schnitker/log4j-min

Fork of Log4j 1.2 project, without additional appenders and classes causing security issues.

Java HTML

Updated: 2 years, 7 months ago

1 stars 0 fork 0 watcher

Born at : Jan. 29, 2022, 2:26 p.m. This repo has been linked 6 different CVEs too.

thl-cmk/CVE-log4j-check_mk-plugin

CVE-log4j CheckMK plugin

log4j2 checkmk-extension checkmk-agent cve-2021-44228 cve-2021-45046 cve-2021-4104 cve-2021-42550 cve-2021-45105 cve-2021-44832

Python Shell

Updated: 1 year, 2 months ago

5 stars 0 fork 0 watcher

Born at : Jan. 3, 2022, 8:55 p.m. This repo has been linked 12 different CVEs too.

andrewd-sysdig/sysdig_package_report

None

Python

Updated: 1 year, 9 months ago

3 stars 1 fork 1 watcher

Born at : Dec. 17, 2021, 10:51 a.m. This repo has been linked 1 different CVEs too.

ltslog/ltslog

Long Term Support version of a stripped down log4j

Java HTML C++ CSS Batchfile Raku Roff

Updated: 2 years, 8 months ago

2 stars 3 fork 3 watcher

Born at : Dec. 16, 2021, 6:35 a.m. This repo has been linked 7 different CVEs too.

HynekPetrak/log4shell-finder

Fastest filesystem scanner for log4shell (CVE-2021-44228, CVE-2021-45046) and other vulnerable (CVE-2017-5645, CVE-2019-17571, CVE-2022-23305, CVE-2022-23307 ... ) instances of log4j library. Excellent performance and low memory footprint.

cve-2021-44228 cve-2021-45046 log4j log4shell vulnerability security scanner log4j2 cve-2021-4104 cve-2021-42550 cve-2021-45105 cve-2021-44832 cve-2017-5645 cve-2019-17571 cve-2022-23305 cve-2022-23307 cve-2022-23302 cve-2020-9488

Python

Updated: 4 months ago

37 stars 13 fork 13 watcher

Born at : Dec. 14, 2021, 10:27 p.m. This repo has been linked 12 different CVEs too.

whitesource/log4j-detect-distribution

None

Go Ruby

Updated: 1 month, 1 week ago

138 stars 22 fork 22 watcher

Born at : Dec. 14, 2021, 7:24 a.m. This repo has been linked 10 different CVEs too.

logpresso/CVE-2021-44228-Scanner

Vulnerability scanner and mitigation patch for Log4j2 CVE-2021-44228

cve-2021-44228 log4j2 scanner patch cve-2021-45046 cve-2021-4104 cve-2021-42550 cve-2021-45105 cve-2021-44832 cve-2022-23302 cve-2022-23305 cve-2022-23307

Java

Updated: 1 week, 1 day ago

855 stars 170 fork 170 watcher

Born at : Dec. 11, 2021, 11:18 a.m. This repo has been linked 12 different CVEs too.

lel99999/dev_MesosRI

Mesos re-implementation/Re-imagined/Reference Implementation

Dockerfile

Updated: 2 years, 6 months ago

0 stars 0 fork 0 watcher

Born at : Sept. 8, 2021, 3:15 a.m. This repo has been linked 5 different CVEs too.

n0-traces/cve_monitor

Automatic monitor github cve using Github Actions

Python

Updated: 2 years, 11 months ago

0 stars 56 fork 56 watcher

Born at : April 7, 2021, 11:16 a.m. This repo has been linked 1007 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2020-9488 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2020-9488 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

CVE Modified by [email protected]

May. 14, 2024

Action Type Old Value New Value

Action	Type	Old Value	New Value
Added	Reference		Apache Software Foundation https://lists.apache.org/thread.html/r8c001b9a95c0bbec06f4457721edd94935a55932e64b82cc5582b846%40%3Cissues.zookeeper.apache.org%3E [No types assigned]
Added	Reference		Apache Software Foundation https://lists.apache.org/thread.html/r2f209d271349bafd91537a558a279c08ebcff8fa3e547357d58833e6%40%3Cdev.zookeeper.apache.org%3E [No types assigned]
Added	Reference		Apache Software Foundation https://lists.apache.org/thread.html/r7641ee788e1eb1be4bb206a7d15f8a64ec6ef23e5ec6132d5a567695%40%3Cnotifications.zookeeper.apache.org%3E [No types assigned]
Added	Reference		Apache Software Foundation https://lists.apache.org/thread.html/rd8e87c4d69df335d0ba7d815b63be8bd8a6352f429765c52eb07ddac%40%3Cissues.zookeeper.apache.org%3E [No types assigned]
Added	Reference		Apache Software Foundation https://lists.apache.org/thread.html/r4285398e5585a0456d3d9db021a4fce6e6fcf3ec027dfa13a450ec98%40%3Cissues.zookeeper.apache.org%3E [No types assigned]
Added	Reference		Apache Software Foundation https://lists.apache.org/thread.html/r0df3d7a5acb98c57e64ab9266aa21eeee1d9b399addb96f9cf1cbe05%40%3Cdev.zookeeper.apache.org%3E [No types assigned]
Added	Reference		Apache Software Foundation https://lists.apache.org/thread.html/r7e739f2961753af95e2a3a637828fb88bfca68e5d6b0221d483a9ee5%40%3Cnotifications.zookeeper.apache.org%3E [No types assigned]
Added	Reference		Apache Software Foundation https://lists.apache.org/thread.html/r9a79175c393d14d760a0ae3731b4a873230a16ef321aa9ca48a810cd%40%3Cissues.zookeeper.apache.org%3E [No types assigned]
Added	Reference		Apache Software Foundation https://lists.apache.org/thread.html/rbc45eb0f53fd6242af3e666c2189464f848a851d408289840cecc6e3%40%3Ccommits.zookeeper.apache.org%3E [No types assigned]
Added	Reference		Apache Software Foundation https://lists.apache.org/thread.html/rec34b1cccf907898e7cb36051ffac3ccf1ea89d0b261a2a3b3fb267f%40%3Ccommits.zookeeper.apache.org%3E [No types assigned]
Added	Reference		Apache Software Foundation https://lists.apache.org/thread.html/r48efc7cb5aeb4e1f67aaa06fb4b5479a5635d12f07d0b93fc2d08809%40%3Ccommits.zookeeper.apache.org%3E [No types assigned]
Added	Reference		Apache Software Foundation https://lists.apache.org/thread.html/rd55f65c6822ff235eda435d31488cfbb9aa7055cdf47481ebee777cc%40%3Cissues.zookeeper.apache.org%3E [No types assigned]
Added	Reference		Apache Software Foundation https://lists.apache.org/thread.html/rc6b81c013618d1de1b5d6b8c1088aaf87b4bacc10c2371f15a566701%40%3Cnotifications.zookeeper.apache.org%3E [No types assigned]
Added	Reference		Apache Software Foundation https://lists.apache.org/thread.html/r7e5c10534ed06bf805473ac85e8412fe3908a8fa4cabf5027bf11220%40%3Cdev.kafka.apache.org%3E [No types assigned]
Added	Reference		Apache Software Foundation https://lists.apache.org/thread.html/r8e96c340004b7898cad3204ea51280ef6e4b553a684e1452bf1b18b1%40%3Cjira.kafka.apache.org%3E [No types assigned]
Added	Reference		Apache Software Foundation https://lists.apache.org/thread.html/rf1c2a81a08034c688b8f15cf58a4cfab322d00002ca46d20133bee20%40%3Cdev.kafka.apache.org%3E [No types assigned]
Added	Reference		Apache Software Foundation https://lists.apache.org/thread.html/r0a2699f724156a558afd1abb6c044fb9132caa66dce861b82699722a%40%3Cjira.kafka.apache.org%3E [No types assigned]
Added	Reference		Apache Software Foundation https://lists.apache.org/thread.html/r48bcd06049c1779ef709564544c3d8a32ae6ee5c3b7281a606ac4463%40%3Cjira.kafka.apache.org%3E [No types assigned]
Added	Reference		Apache Software Foundation https://lists.apache.org/thread.html/r393943de452406f0f6f4b3def9f8d3c071f96323c1f6ed1a098f7fe4%40%3Ctorque-dev.db.apache.org%3E [No types assigned]
Added	Reference		Apache Software Foundation https://lists.apache.org/thread.html/r1fc73f0e16ec2fa249d3ad39a5194afb9cc5afb4c023dc0bab5a5881%40%3Cissues.hive.apache.org%3E [No types assigned]
Added	Reference		Apache Software Foundation https://lists.apache.org/thread.html/ra632b329b2ae2324fabbad5da204c4ec2e171ff60348ec4ba698fd40%40%3Cissues.hive.apache.org%3E [No types assigned]
Added	Reference		Apache Software Foundation https://lists.apache.org/thread.html/r4ed1f49616a8603832d378cb9d13e7a8b9b27972bb46d946ccd8491f%40%3Cissues.hive.apache.org%3E [No types assigned]
Added	Reference		Apache Software Foundation https://lists.apache.org/thread.html/r4db540cafc5d7232c62e076051ef661d37d345015b2e59b3f81a932f%40%3Cdev.hive.apache.org%3E [No types assigned]
Added	Reference		Apache Software Foundation https://lists.apache.org/thread.html/r9776e71e3c67c5d13a91c1eba0dc025b48b802eb7561cc6956d6961c%40%3Cissues.hive.apache.org%3E [No types assigned]
Added	Reference		Apache Software Foundation https://lists.apache.org/thread.html/r65578f3761a89bc164e8964acd5d913b9f8fd997967b195a89a97ca3%40%3Cissues.hive.apache.org%3E [No types assigned]
Added	Reference		Apache Software Foundation https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E [No types assigned]
Added	Reference		Apache Software Foundation https://lists.apache.org/thread.html/re024d86dffa72ad800f2848d0c77ed93f0b78ee808350b477a6ed987%40%3Cgitbox.hive.apache.org%3E [No types assigned]
Added	Reference		Apache Software Foundation https://lists.apache.org/thread.html/rbc7642b9800249553f13457e46b813bea1aec99d2bc9106510e00ff3%40%3Ctorque-dev.db.apache.org%3E [No types assigned]
Added	Reference		Apache Software Foundation https://lists.apache.org/thread.html/r3d1d00441c55144a4013adda74b051ae7864128ebcfb6ee9721a2eb3%40%3Cissues.hive.apache.org%3E [No types assigned]
Added	Reference		Apache Software Foundation https://lists.apache.org/thread.html/rc2dbc4633a6eea1fcbce6831876cfa17b73759a98c65326d1896cb1a%40%3Ctorque-dev.db.apache.org%3E [No types assigned]
Added	Reference		Apache Software Foundation https://lists.apache.org/thread.html/rd5d58088812cf8e677d99b07f73c654014c524c94e7fedbdee047604%40%3Ctorque-dev.db.apache.org%3E [No types assigned]
Added	Reference		Apache Software Foundation https://lists.apache.org/thread.html/r33864a0fc171c1c4bf680645ebb6d4f8057899ab294a43e1e4fe9d04%40%3Cissues.hive.apache.org%3E [No types assigned]
Added	Reference		Apache Software Foundation https://lists.apache.org/thread.html/r4d5dc9f3520071338d9ebc26f9f158a43ae28a91923d176b550a807b%40%3Cdev.hive.apache.org%3E [No types assigned]
Added	Reference		Apache Software Foundation https://lists.apache.org/thread.html/r22a56beb76dd8cf18e24fda9072f1e05990f49d6439662d3782a392f%40%3Cissues.hive.apache.org%3E [No types assigned]
Added	Reference		Apache Software Foundation https://lists.apache.org/thread.html/r5a68258e5ab12532dc179edae3d6e87037fa3b50ab9d63a90c432507%40%3Cissues.hive.apache.org%3E [No types assigned]
Added	Reference		Apache Software Foundation https://lists.apache.org/thread.html/ra051e07a0eea4943fa104247e69596f094951f51512d42c924e86c75%40%3Cissues.hive.apache.org%3E [No types assigned]
Added	Reference		Apache Software Foundation https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E [No types assigned]
Added	Reference		Apache Software Foundation https://lists.apache.org/thread.html/r45916179811a32cbaa500f972de9098e6ee80ee81c7f134fce83e03a%40%3Cissues.flink.apache.org%3E [No types assigned]
Added	Reference		Apache Software Foundation https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe%40%3Cusers.kafka.apache.org%3E [No types assigned]
Removed	Reference	Apache Software Foundation https://lists.apache.org/thread.html/r8c001b9a95c0bbec06f4457721edd94935a55932e64b82cc5582b846@%3Cissues.zookeeper.apache.org%3E
Removed	Reference	Apache Software Foundation https://lists.apache.org/thread.html/r2f209d271349bafd91537a558a279c08ebcff8fa3e547357d58833e6@%3Cdev.zookeeper.apache.org%3E
Removed	Reference	Apache Software Foundation https://lists.apache.org/thread.html/r7641ee788e1eb1be4bb206a7d15f8a64ec6ef23e5ec6132d5a567695@%3Cnotifications.zookeeper.apache.org%3E
Removed	Reference	Apache Software Foundation https://lists.apache.org/thread.html/r4285398e5585a0456d3d9db021a4fce6e6fcf3ec027dfa13a450ec98@%3Cissues.zookeeper.apache.org%3E
Removed	Reference	Apache Software Foundation https://lists.apache.org/thread.html/r0df3d7a5acb98c57e64ab9266aa21eeee1d9b399addb96f9cf1cbe05@%3Cdev.zookeeper.apache.org%3E
Removed	Reference	Apache Software Foundation https://lists.apache.org/thread.html/rd8e87c4d69df335d0ba7d815b63be8bd8a6352f429765c52eb07ddac@%3Cissues.zookeeper.apache.org%3E
Removed	Reference	Apache Software Foundation https://lists.apache.org/thread.html/r7e739f2961753af95e2a3a637828fb88bfca68e5d6b0221d483a9ee5@%3Cnotifications.zookeeper.apache.org%3E
Removed	Reference	Apache Software Foundation https://lists.apache.org/thread.html/r9a79175c393d14d760a0ae3731b4a873230a16ef321aa9ca48a810cd@%3Cissues.zookeeper.apache.org%3E
Removed	Reference	Apache Software Foundation https://lists.apache.org/thread.html/r48efc7cb5aeb4e1f67aaa06fb4b5479a5635d12f07d0b93fc2d08809@%3Ccommits.zookeeper.apache.org%3E
Removed	Reference	Apache Software Foundation https://lists.apache.org/thread.html/rc6b81c013618d1de1b5d6b8c1088aaf87b4bacc10c2371f15a566701@%3Cnotifications.zookeeper.apache.org%3E
Removed	Reference	Apache Software Foundation https://lists.apache.org/thread.html/rbc45eb0f53fd6242af3e666c2189464f848a851d408289840cecc6e3@%3Ccommits.zookeeper.apache.org%3E
Removed	Reference	Apache Software Foundation https://lists.apache.org/thread.html/rec34b1cccf907898e7cb36051ffac3ccf1ea89d0b261a2a3b3fb267f@%3Ccommits.zookeeper.apache.org%3E
Removed	Reference	Apache Software Foundation https://lists.apache.org/thread.html/rd55f65c6822ff235eda435d31488cfbb9aa7055cdf47481ebee777cc@%3Cissues.zookeeper.apache.org%3E
Removed	Reference	Apache Software Foundation https://lists.apache.org/thread.html/r7e5c10534ed06bf805473ac85e8412fe3908a8fa4cabf5027bf11220@%3Cdev.kafka.apache.org%3E
Removed	Reference	Apache Software Foundation https://lists.apache.org/thread.html/r8e96c340004b7898cad3204ea51280ef6e4b553a684e1452bf1b18b1@%3Cjira.kafka.apache.org%3E
Removed	Reference	Apache Software Foundation https://lists.apache.org/thread.html/rf1c2a81a08034c688b8f15cf58a4cfab322d00002ca46d20133bee20@%3Cdev.kafka.apache.org%3E
Removed	Reference	Apache Software Foundation https://lists.apache.org/thread.html/r0a2699f724156a558afd1abb6c044fb9132caa66dce861b82699722a@%3Cjira.kafka.apache.org%3E
Removed	Reference	Apache Software Foundation https://lists.apache.org/thread.html/r48bcd06049c1779ef709564544c3d8a32ae6ee5c3b7281a606ac4463@%3Cjira.kafka.apache.org%3E
Removed	Reference	Apache Software Foundation https://lists.apache.org/thread.html/r393943de452406f0f6f4b3def9f8d3c071f96323c1f6ed1a098f7fe4@%3Ctorque-dev.db.apache.org%3E
Removed	Reference	Apache Software Foundation https://lists.apache.org/thread.html/r4ed1f49616a8603832d378cb9d13e7a8b9b27972bb46d946ccd8491f@%3Cissues.hive.apache.org%3E
Removed	Reference	Apache Software Foundation https://lists.apache.org/thread.html/r4db540cafc5d7232c62e076051ef661d37d345015b2e59b3f81a932f@%3Cdev.hive.apache.org%3E
Removed	Reference	Apache Software Foundation https://lists.apache.org/thread.html/ra632b329b2ae2324fabbad5da204c4ec2e171ff60348ec4ba698fd40@%3Cissues.hive.apache.org%3E
Removed	Reference	Apache Software Foundation https://lists.apache.org/thread.html/r1fc73f0e16ec2fa249d3ad39a5194afb9cc5afb4c023dc0bab5a5881@%3Cissues.hive.apache.org%3E
Removed	Reference	Apache Software Foundation https://lists.apache.org/thread.html/r9776e71e3c67c5d13a91c1eba0dc025b48b802eb7561cc6956d6961c@%3Cissues.hive.apache.org%3E
Removed	Reference	Apache Software Foundation https://lists.apache.org/thread.html/r65578f3761a89bc164e8964acd5d913b9f8fd997967b195a89a97ca3@%3Cissues.hive.apache.org%3E
Removed	Reference	Apache Software Foundation https://lists.apache.org/thread.html/re024d86dffa72ad800f2848d0c77ed93f0b78ee808350b477a6ed987@%3Cgitbox.hive.apache.org%3E
Removed	Reference	Apache Software Foundation https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E
Removed	Reference	Apache Software Foundation https://lists.apache.org/thread.html/rbc7642b9800249553f13457e46b813bea1aec99d2bc9106510e00ff3@%3Ctorque-dev.db.apache.org%3E
Removed	Reference	Apache Software Foundation https://lists.apache.org/thread.html/r3d1d00441c55144a4013adda74b051ae7864128ebcfb6ee9721a2eb3@%3Cissues.hive.apache.org%3E
Removed	Reference	Apache Software Foundation https://lists.apache.org/thread.html/rc2dbc4633a6eea1fcbce6831876cfa17b73759a98c65326d1896cb1a@%3Ctorque-dev.db.apache.org%3E
Removed	Reference	Apache Software Foundation https://lists.apache.org/thread.html/rd5d58088812cf8e677d99b07f73c654014c524c94e7fedbdee047604@%3Ctorque-dev.db.apache.org%3E
Removed	Reference	Apache Software Foundation https://lists.apache.org/thread.html/r33864a0fc171c1c4bf680645ebb6d4f8057899ab294a43e1e4fe9d04@%3Cissues.hive.apache.org%3E
Removed	Reference	Apache Software Foundation https://lists.apache.org/thread.html/r22a56beb76dd8cf18e24fda9072f1e05990f49d6439662d3782a392f@%3Cissues.hive.apache.org%3E
Removed	Reference	Apache Software Foundation https://lists.apache.org/thread.html/r4d5dc9f3520071338d9ebc26f9f158a43ae28a91923d176b550a807b@%3Cdev.hive.apache.org%3E
Removed	Reference	Apache Software Foundation https://lists.apache.org/thread.html/r5a68258e5ab12532dc179edae3d6e87037fa3b50ab9d63a90c432507@%3Cissues.hive.apache.org%3E
Removed	Reference	Apache Software Foundation https://lists.apache.org/thread.html/ra051e07a0eea4943fa104247e69596f094951f51512d42c924e86c75@%3Cissues.hive.apache.org%3E
Removed	Reference	Apache Software Foundation https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
Removed	Reference	Apache Software Foundation https://lists.apache.org/thread.html/r45916179811a32cbaa500f972de9098e6ee80ee81c7f134fce83e03a@%3Cissues.flink.apache.org%3E
Removed	Reference	Apache Software Foundation https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe@%3Cusers.kafka.apache.org%3E

Action	Type	Old Value	New Value
Changed	Reference Type	https://www.oracle.com/security-alerts/cpuapr2022.html No Types Assigned	https://www.oracle.com/security-alerts/cpuapr2022.html Patch, Third Party Advisory
Changed	CPE Configuration	OR cpe:2.3:a:oracle:communications_application_session_controller:3.9m0p1::::::: cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0::::::: cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0::::::: cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5::::::: cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0::::::: cpe:2.3:a:oracle:communications_services_gatekeeper:7.0::::::: cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.0::::::: cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0::::::: cpe:2.3:a:oracle:data_integrator:12.2.1.3.0::::::: cpe:2.3:a:oracle:data_integrator:12.2.1.4.0::::::: cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.4.1.1::::::: cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure::::::::* versions from (including) 8.0.6.0.0 up to (including) 8.1.0.0.0 cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6::::::: cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0::::::: cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.7.0::::::: cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6::::::: cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8::::::: cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.1.0::::::: cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6::::::: cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7::::::: cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6::::::: cpe:2.3:a:oracle:flexcube_core_banking:5.2.0::::::: cpe:2.3:a:oracle:flexcube_core_banking::::::::* versions from (including) 11.5.0 up to (including) 11.7.0 cpe:2.3:a:oracle:flexcube_private_banking:12.0.0::::::: cpe:2.3:a:oracle:flexcube_private_banking:12.1.0::::::: cpe:2.3:a:oracle:health_sciences_information_manager:3.0.1::::::: cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting::::::::* versions from (including) 5.0.0.0 up to (including) 5.6.0.0 cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0::::::: cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.0.37::::::: cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.4.12::::::: cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2.25::::::: cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0.15::::::: cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.2.0.26::::::: cpe:2.3:a:oracle:insurance_rules_palette:10.2.0.37::::::: cpe:2.3:a:oracle:insurance_rules_palette:10.2.4.12::::::: cpe:2.3:a:oracle:insurance_rules_palette:11.0.2.25::::::: cpe:2.3:a:oracle:insurance_rules_palette:11.1.0.15::::::: cpe:2.3:a:oracle:insurance_rules_palette:11.2.0.26::::::: cpe:2.3:a:oracle:jd_edwards_world_security:a9.4::::::: cpe:2.3:a:oracle:oracle_goldengate_application_adapters:19.1.0.0.0::::::: cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56::::::: cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57::::::: cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58::::::: cpe:2.3:a:oracle:policy_automation::::::::* versions from (including) 12.2.0 up to (including) 12.2.20 cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6::::::: cpe:2.3:a:oracle:policy_automation_for_mobile_devices::::::::* versions from (including) 12.2.0 up to (including) 12.2.20 cpe:2.3:a:oracle:primavera_unifier:18.8::::::: cpe:2.3:a:oracle:primavera_unifier:19.12::::::: cpe:2.3:a:oracle:retail_advanced_inventory_planning:14.1::::::: cpe:2.3:a:oracle:retail_assortment_planning:15.0.3.0::::::: cpe:2.3:a:oracle:retail_assortment_planning:16.0.3.0::::::: cpe:2.3:a:oracle:retail_bulk_data_integration:15.0.3.0::::::: cpe:2.3:a:oracle:retail_bulk_data_integration:16.0.3.0::::::: cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:16.0::::::: cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:17.0::::::: cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0::::::: cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0::::::: cpe:2.3:a:oracle:retail_eftlink:15.0.2::::::: cpe:2.3:a:oracle:retail_eftlink:16.0.3::::::: cpe:2.3:a:oracle:retail_eftlink:17.0.2::::::: cpe:2.3:a:oracle:retail_eftlink:18.0.1::::::: cpe:2.3:a:oracle:retail_eftlink:19.0.1::::::: cpe:2.3:a:oracle:retail_insights_cloud_service_suite:19.0::::::: cpe:2.3:a:oracle:retail_integration_bus:14.1::::::: cpe:2.3:a:oracle:retail_integration_bus:15.0::::::: cpe:2.3:a:oracle:retail_integration_bus:16.0::::::: cpe:2.3:a:oracle:retail_order_broker_cloud_service:16.0::::::: cpe:2.3:a:oracle:retail_order_broker_cloud_service:18.0::::::: cpe:2.3:a:oracle:retail_order_broker_cloud_service:19.0::::::: cpe:2.3:a:oracle:retail_order_broker_cloud_service:19.1::::::: cpe:2.3:a:oracle:retail_order_broker_cloud_service:19.2::::::: cpe:2.3:a:oracle:retail_order_broker_cloud_service:19.3::::::: cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.0::::::: cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.0::::::: cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0::::::: cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.4::::::: cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6::::::: cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4::::::: cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3::::::: cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2::::::: cpe:2.3:a:oracle:siebel_apps_-_marketing::::::::* versions up to (including) 21.9 cpe:2.3:a:oracle:siebel_ui_framework::::::::* versions up to (including) 21.2 cpe:2.3:a:oracle:spatial_and_graph:12.2.0.1::::::: cpe:2.3:a:oracle:spatial_and_graph:18c::::::: cpe:2.3:a:oracle:spatial_and_graph:19c::::::: cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.1::::::: cpe:2.3:a:oracle:utilities_framework:2.2.0.0.0::::::: cpe:2.3:a:oracle:utilities_framework:4.2.0.2.0::::::: cpe:2.3:a:oracle:utilities_framework:4.2.0.3.0::::::: cpe:2.3:a:oracle:utilities_framework::::::::* versions from (including) 4.3.0.1.0 up to (including) 4.3.0.6.0 cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0::::::: cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0::::::: cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:::::::	OR cpe:2.3:a:oracle:communications_application_session_controller:3.9m0p1::::::: cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0::::::: cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0::::::: cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5::::::: cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0::::::: cpe:2.3:a:oracle:communications_services_gatekeeper:7.0::::::: cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.0::::::: cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0::::::: cpe:2.3:a:oracle:data_integrator:12.2.1.3.0::::::: cpe:2.3:a:oracle:data_integrator:12.2.1.4.0::::::: cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.4.1.1::::::: cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure::::::::* versions from (including) 8.0.6.0.0 up to (including) 8.1.0.0.0 cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6::::::: cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0::::::: cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.7.0::::::: cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6::::::: cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8::::::: cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.1.0::::::: cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6::::::: cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7::::::: cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6::::::: cpe:2.3:a:oracle:flexcube_core_banking:5.2.0::::::: cpe:2.3:a:oracle:flexcube_core_banking::::::::* versions from (including) 11.5.0 up to (including) 11.7.0 cpe:2.3:a:oracle:flexcube_private_banking:12.0.0::::::: cpe:2.3:a:oracle:flexcube_private_banking:12.1.0::::::: cpe:2.3:a:oracle:health_sciences_information_manager:3.0.1::::::: cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting::::::::* versions from (including) 5.0.0.0 up to (including) 5.6.0.0 cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0::::::: cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.0.37::::::: cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.4.12::::::: cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2.25::::::: cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0.15::::::: cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.2.0.26::::::: cpe:2.3:a:oracle:insurance_rules_palette:10.2.0.37::::::: cpe:2.3:a:oracle:insurance_rules_palette:10.2.4.12::::::: cpe:2.3:a:oracle:insurance_rules_palette:11.0.2.25::::::: cpe:2.3:a:oracle:insurance_rules_palette:11.1.0.15::::::: cpe:2.3:a:oracle:insurance_rules_palette:11.2.0.26::::::: cpe:2.3:a:oracle:jd_edwards_world_security:a9.4::::::: cpe:2.3:a:oracle:oracle_goldengate_application_adapters:19.1.0.0.0::::::: cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56::::::: cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57::::::: cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58::::::: cpe:2.3:a:oracle:policy_automation::::::::* versions from (including) 12.2.0 up to (including) 12.2.20 cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6::::::: cpe:2.3:a:oracle:policy_automation_for_mobile_devices::::::::* versions from (including) 12.2.0 up to (including) 12.2.20 cpe:2.3:a:oracle:primavera_unifier:18.8::::::: cpe:2.3:a:oracle:primavera_unifier:19.12::::::: cpe:2.3:a:oracle:retail_advanced_inventory_planning:14.1::::::: cpe:2.3:a:oracle:retail_assortment_planning:15.0.3.0::::::: cpe:2.3:a:oracle:retail_assortment_planning:16.0.3.0::::::: cpe:2.3:a:oracle:retail_bulk_data_integration:15.0.3.0::::::: cpe:2.3:a:oracle:retail_bulk_data_integration:16.0.3.0::::::: cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:16.0::::::: cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:17.0::::::: cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0::::::: cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0::::::: cpe:2.3:a:oracle:retail_eftlink:15.0.2::::::: cpe:2.3:a:oracle:retail_eftlink:16.0.3::::::: cpe:2.3:a:oracle:retail_eftlink:17.0.2::::::: cpe:2.3:a:oracle:retail_eftlink:18.0.1::::::: cpe:2.3:a:oracle:retail_eftlink:19.0.1::::::: cpe:2.3:a:oracle:retail_insights_cloud_service_suite:19.0::::::: cpe:2.3:a:oracle:retail_integration_bus:14.1::::::: cpe:2.3:a:oracle:retail_integration_bus:15.0::::::: cpe:2.3:a:oracle:retail_integration_bus:16.0::::::: cpe:2.3:a:oracle:retail_order_broker_cloud_service:16.0::::::: cpe:2.3:a:oracle:retail_order_broker_cloud_service:18.0::::::: cpe:2.3:a:oracle:retail_order_broker_cloud_service:19.0::::::: cpe:2.3:a:oracle:retail_order_broker_cloud_service:19.1::::::: cpe:2.3:a:oracle:retail_order_broker_cloud_service:19.2::::::: cpe:2.3:a:oracle:retail_order_broker_cloud_service:19.3::::::: cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.0::::::: cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.0::::::: cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0::::::: cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.4::::::: cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6::::::: cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4::::::: cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3::::::: cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2::::::: cpe:2.3:a:oracle:siebel_apps_-_marketing::::::::* versions up to (including) 21.9 cpe:2.3:a:oracle:siebel_ui_framework::::::::* versions up to (including) 21.2 cpe:2.3:a:oracle:spatial_and_graph:12.2.0.1::::::: cpe:2.3:a:oracle:spatial_and_graph:18c::::::: cpe:2.3:a:oracle:spatial_and_graph:19c::::::: cpe:2.3:a:oracle:storagetek_acsls:8.5.1::::::: cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.1::::::: cpe:2.3:a:oracle:utilities_framework:2.2.0.0.0::::::: cpe:2.3:a:oracle:utilities_framework:4.2.0.2.0::::::: cpe:2.3:a:oracle:utilities_framework:4.2.0.3.0::::::: cpe:2.3:a:oracle:utilities_framework::::::::* versions from (including) 4.3.0.1.0 up to (including) 4.3.0.6.0 cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0::::::: cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0::::::: cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:::::::

Action	Type	Old Value	New Value
Added	CVSS V2		NIST (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Added	CVSS V3.1		NIST AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Changed	Reference Type	https://issues.apache.org/jira/browse/LOG4J2-2819 No Types Assigned	https://issues.apache.org/jira/browse/LOG4J2-2819 Issue Tracking, Mitigation, Patch, Vendor Advisory
Added	CWE		NIST CWE-295
Added	CPE Configuration		OR cpe:2.3:a:apache:log4j::::::::* versions up to (excluding) 2.13.2

CVE-2020-9488

Apache Log4j SSL (Certificate Validation) Weakness

Description

INFO

April 27, 2020, 4:15 p.m.

Nov. 7, 2023, 3:26 a.m.

Yes !

1.4

2.2

Public PoC/Exploit Available at Github

Affected Products

References to Advisories, Solutions, and Tools

CVE Modified by [email protected]

CVE Modified by [email protected]

Modified Analysis by [email protected]

CVE Modified by [email protected]

Modified Analysis by [email protected]

CVE Modified by [email protected]

Modified Analysis by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

Modified Analysis by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

Modified Analysis by [email protected]

CVE Modified by [email protected]

Modified Analysis by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

Modified Analysis by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

Modified Analysis by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

Initial Analysis by [email protected]

CWE - Common Weakness Enumeration

Common Attack Pattern Enumeration and Classification (CAPEC)

Exploit Prediction

0.19 }} 0.02%

0.55768

CVSS31 - Vulnerability Scoring System

Theme Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View