CVE-2020-9488
lowCVSS v3 Base Score
3.7
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Score
0.0%
Exploitation probability in 30 days
Top 91% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Confidentiality
Low
Integrity
None
Availability
None
Vulnerability Report
Generated by CyberWatcher
Description
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1
CWE
CWE-295Affected Products
apache log4joracle communications application session controlleroracle communications billing and revenue managementoracle communications eagle ftp table base retrievaloracle communications offline mediation controlleroracle communications services gatekeeperoracle communications unified inventory managementoracle data integratororacle enterprise manager for peoplesoftoracle financial services analytical applications infrastructure