CVE-2020-9488 (CNNVD-202004-2164)

LOW
Chinese title:
Apache Log4j trust management issue vulnerability
English title:
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allo...
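CVSS score: 3.7
Published: 2020-04-27 15:36:10
Vulnerability type: Trust management issue
Status: PUBLISHED
Data quality score: 0.30
Data version: v3
Vulnerability description
Chinese description:

Apache Log4j is a Java-based open-source logging tool from the Apache Software Foundation (USA). A trust management issue vulnerability exists in Apache Log4j, caused by SmtpAppender not verifying that the host name matches the SSL/TLS certificate of the SMTPS connection. An attacker can exploit this vulnerability through a man-in-the-middle attack to intercept the SMTPS connection and obtain log messages.

English description: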

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1

CWE type:
CWE-295
Tags:
(No data)
Affected products
Vendor Product Version Version range Platform CPE
Apache Apache Log4j log4j-core 2.13.0 - - cpe:2.3:a:apache:apache_log4j:log4j-core_2.13.0:*:*:*:*:*:*:*
apache log4j * - - cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*
oracle communications_application_session_controller 3.9m0p1 - - cpe:2.3:a:oracle:communications_application_session_controller:3.9m0p1:*:*:*:*:*:*:*
oracle communications_billing_and_revenue_management 7.5.0.23.0 - - cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*
oracle communications_billing_and_revenue_management 12.0.0.3.0 - - cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*
oracle communications_eagle_ftp_table_base_retrieval 4.5 - - cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:*:*:*:*:*:*:*
oracle communications_offline_mediation_controller 12.0.0.3.0 - - cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:*
oracle communications_services_gatekeeper 7.0 - - cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*
oracle communications_unified_inventory_management 7.3.0 - - cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.0:*:*:*:*:*:*:*
oracle communications_unified_inventory_management 7.4.0 - - cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*
oracle data_integrator 12.2.1.3.0 - - cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*
oracle data_integrator 12.2.1.4.0 - - cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*
oracle enterprise_manager_for_peoplesoft 13.4.1.1 - - cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.4.1.1:*:*:*:*:*:*:*
oracle financial_services_analytical_applications_infrastructure * - - cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*
oracle financial_services_institutional_performance_analytics 8.0.6 - - cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*
oracle financial_services_institutional_performance_analytics 8.1.0 - - cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*
oracle financial_services_institutional_performance_analytics 8.7.0 - - cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.7.0:*:*:*:*:*:*:*
oracle financial_services_market_risk_measurement_and_management 8.0.6 - - cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*
oracle financial_services_market_risk_measurement_and_management 8.0.8 - - cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*
oracle financial_services_market_risk_measurement_and_management 8.1.0 - - cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:*
oracle financial_services_price_creation_and_discovery 8.0.6 - - cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*
oracle financial_services_price_creation_and_discovery 8.0.7 - - cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*
oracle financial_services_retail_customer_analytics 8.0.6 - - cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*
oracle flexcube_core_banking * - - cpe:2.3:a:oracle:flexcube_core_banking:*:*:*:*:*:*:*:*
oracle flexcube_core_banking 5.2.0 - - cpe:2.3:a:oracle:flexcube_core_banking:5.2.0:*:*:*:*:*:*:*
oracle flexcube_private_banking 12.0.0 - - cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*
oracle flexcube_private_banking 12.1.0 - - cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*
oracle health_sciences_information_manager 3.0.1 - - cpe:2.3:a:oracle:health_sciences_information_manager:3.0.1:*:*:*:*:*:*:*
oracle insurance_insbridge_rating_and_underwriting * - - cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:*
oracle insurance_insbridge_rating_and_underwriting 5.6.1.0 - - cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:*
oracle insurance_policy_administration_j2ee 10.2.0.37 - - cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.0.37:*:*:*:*:*:*:*
oracle insurance_policy_administration_j2ee 10.2.4.12 - - cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.4.12:*:*:*:*:*:*:*
oracle insurance_policy_administration_j2ee 11.0.2.25 - - cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2.25:*:*:*:*:*:*:*
oracle insurance_policy_administration_j2ee 11.1.0.15 - - cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0.15:*:*:*:*:*:*:*
oracle insurance_policy_administration_j2ee 11.2.0.26 - - cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.2.0.26:*:*:*:*:*:*:*
oracle insurance_rules_palette 10.2.0.37 - - cpe:2.3:a:oracle:insurance_rules_palette:10.2.0.37:*:*:*:*:*:*:*
oracle insurance_rules_palette 10.2.4.12 - - cpe:2.3:a:oracle:insurance_rules_palette:10.2.4.12:*:*:*:*:*:*:*
oracle insurance_rules_palette 11.0.2.25 - - cpe:2.3:a:oracle:insurance_rules_palette:11.0.2.25:*:*:*:*:*:*:*
oracle insurance_rules_palette 11.1.0.15 - - cpe:2.3:a:oracle:insurance_rules_palette:11.1.0.15:*:*:*:*:*:*:*
oracle insurance_rules_palette 11.2.0.26 - - cpe:2.3:a:oracle:insurance_rules_palette:11.2.0.26:*:*:*:*:*:*:*
oracle jd_edwards_world_security a9.4 - - cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*
oracle oracle_goldengate_application_adapters 19.1.0.0.0 - - cpe:2.3:a:oracle:oracle_goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*
oracle peoplesoft_enterprise_peopletools 8.56 - - cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
oracle peoplesoft_enterprise_peopletools 8.57 - - cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
oracle peoplesoft_enterprise_peopletools 8.58 - - cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
oracle policy_automation * - - cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*
oracle policy_automation_connector_for_siebel 10.4.6 - - cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*
oracle policy_automation_for_mobile_devices * - - cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:*
oracle primavera_unifier 18.8 - - cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
oracle primavera_unifier 19.12 - - cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*
oracle retail_advanced_inventory_planning 14.1 - - cpe:2.3:a:oracle:retail_advanced_inventory_planning:14.1:*:*:*:*:*:*:*
oracle retail_assortment_planning 15.0.3.0 - - cpe:2.3:a:oracle:retail_assortment_planning:15.0.3.0:*:*:*:*:*:*:*
oracle retail_assortment_planning 16.0.3.0 - - cpe:2.3:a:oracle:retail_assortment_planning:16.0.3.0:*:*:*:*:*:*:*
oracle retail_bulk_data_integration 15.0.3.0 - - cpe:2.3:a:oracle:retail_bulk_data_integration:15.0.3.0:*:*:*:*:*:*:*
oracle retail_bulk_data_integration 16.0.3.0 - - cpe:2.3:a:oracle:retail_bulk_data_integration:16.0.3.0:*:*:*:*:*:*:*
oracle retail_customer_management_and_segmentation_foundation 16.0 - - cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:16.0:*:*:*:*:*:*:*
oracle retail_customer_management_and_segmentation_foundation 17.0 - - cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:17.0:*:*:*:*:*:*:*
oracle retail_customer_management_and_segmentation_foundation 18.0 - - cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*
oracle retail_customer_management_and_segmentation_foundation 19.0 - - cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*
oracle retail_eftlink 15.0.2 - - cpe:2.3:a:oracle:retail_eftlink:15.0.2:*:*:*:*:*:*:*
oracle retail_eftlink 16.0.3 - - cpe:2.3:a:oracle:retail_eftlink:16.0.3:*:*:*:*:*:*:*
oracle retail_eftlink 17.0.2 - - cpe:2.3:a:oracle:retail_eftlink:17.0.2:*:*:*:*:*:*:*
oracle retail_eftlink 18.0.1 - - cpe:2.3:a:oracle:retail_eftlink:18.0.1:*:*:*:*:*:*:*
oracle retail_eftlink 19.0.1 - - cpe:2.3:a:oracle:retail_eftlink:19.0.1:*:*:*:*:*:*:*
oracle retail_insights_cloud_service_suite 19.0 - - cpe:2.3:a:oracle:retail_insights_cloud_service_suite:19.0:*:*:*:*:*:*:*
oracle retail_integration_bus 14.1 - - cpe:2.3:a:oracle:retail_integration_bus:14.1:*:*:*:*:*:*:*
oracle retail_integration_bus 15.0 - - cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*
oracle retail_integration_bus 16.0 - - cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*
oracle retail_order_broker_cloud_service 16.0 - - cpe:2.3:a:oracle:retail_order_broker_cloud_service:16.0:*:*:*:*:*:*:*
oracle retail_order_broker_cloud_service 18.0 - - cpe:2.3:a:oracle:retail_order_broker_cloud_service:18.0:*:*:*:*:*:*:*
oracle retail_order_broker_cloud_service 19.0 - - cpe:2.3:a:oracle:retail_order_broker_cloud_service:19.0:*:*:*:*:*:*:*
oracle retail_order_broker_cloud_service 19.1 - - cpe:2.3:a:oracle:retail_order_broker_cloud_service:19.1:*:*:*:*:*:*:*
oracle retail_order_broker_cloud_service 19.2 - - cpe:2.3:a:oracle:retail_order_broker_cloud_service:19.2:*:*:*:*:*:*:*
oracle retail_order_broker_cloud_service 19.3 - - cpe:2.3:a:oracle:retail_order_broker_cloud_service:19.3:*:*:*:*:*:*:*
oracle retail_predictive_application_server 14.1.3.0 - - cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.0:*:*:*:*:*:*:*
oracle retail_predictive_application_server 15.0.3.0 - - cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.0:*:*:*:*:*:*:*
oracle retail_predictive_application_server 16.0.3.0 - - cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:*
oracle retail_xstore_point_of_service 15.0.4 - - cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.4:*:*:*:*:*:*:*
oracle retail_xstore_point_of_service 16.0.6 - - cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*
oracle retail_xstore_point_of_service 17.0.4 - - cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*
oracle retail_xstore_point_of_service 18.0.3 - - cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*
oracle retail_xstore_point_of_service 19.0.2 - - cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*
oracle siebel_apps_-_marketing * - - cpe:2.3:a:oracle:siebel_apps_-_marketing:*:*:*:*:*:*:*:*
oracle siebel_ui_framework * - - cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*
oracle spatial_and_graph 12.2.0.1 - - cpe:2.3:a:oracle:spatial_and_graph:12.2.0.1:*:*:*:*:*:*:*
oracle spatial_and_graph 18c - - cpe:2.3:a:oracle:spatial_and_graph:18c:*:*:*:*:*:*:*
oracle spatial_and_graph 19c - - cpe:2.3:a:oracle:spatial_and_graph:19c:*:*:*:*:*:*:*
oracle storagetek_acsls 8.5.1 - - cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:*
oracle storagetek_tape_analytics_sw_tool 2.3.1 - - cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.1:*:*:*:*:*:*:*
oracle utilities_framework * - - cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*
oracle utilities_framework 2.2.0.0.0 - - cpe:2.3:a:oracle:utilities_framework:2.2.0.0.0:*:*:*:*:*:*:*
oracle utilities_framework 4.2.0.2.0 - - cpe:2.3:a:oracle:utilities_framework:4.2.0.2.0:*:*:*:*:*:*:*
oracle utilities_framework 4.2.0.3.0 - - cpe:2.3:a:oracle:utilities_framework:4.2.0.3.0:*:*:*:*:*:*:*
oracle utilities_framework 4.4.0.0.0 - - cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*
oracle utilities_framework 4.4.0.2.0 - - cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*
oracle weblogic_server 10.3.6.0.0 - - cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
debian debian_linux 9.0 - - cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
debian debian_linux 10.0 - - cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
debian debian_linux 11.0 - - cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
qos reload4j * - - cpe:2.3:a:qos:reload4j:*:*:*:*:*:*:*:*
Solutions
Chinese solution:
(No data)
English solution:
(No data)
Temporary workaround:
(No data)
Reference links (source: cve.org)
[zookeeper-issues] 20200504 [jira] [Created] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488 mailing-list
[zookeeper-dev] 20200504 [jira] [Created] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488 mailing-list
[zookeeper-notifications] 20200504 Build failed in Jenkins: zookeeper-master-maven-owasp #489 mailing-list
[zookeeper-issues] 20200504 [jira] [Assigned] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488 mailing-list
[zookeeper-issues] 20200504 [jira] [Commented] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488 mailing-list
[zookeeper-dev] 20200504 log4j SmtpAppender related CVE mailing-list
[zookeeper-notifications] 20200504 [GitHub] [zookeeper] symat opened a new pull request #1346: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488 mailing-list
[zookeeper-issues] 20200504 [jira] [Updated] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488 mailing-list
[zookeeper-commits] 20200504 [zookeeper] branch master updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488 mailing-list
[zookeeper-commits] 20200504 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488 mailing-list
[zookeeper-commits] 20200504 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488 mailing-list
[zookeeper-issues] 20200504 [jira] [Resolved] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488 mailing-list
[zookeeper-notifications] 20200504 [GitHub] [zookeeper] symat commented on pull request #1346: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488 mailing-list
[kafka-dev] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities mailing-list
[kafka-jira] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities mailing-list
[kafka-dev] 20200514 [jira] [Created] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488 mailing-list
[kafka-jira] 20200514 [jira] [Created] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488 mailing-list
[kafka-jira] 20200515 [jira] [Commented] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488 mailing-list
(Untitled) x_refsource_MISC
(Untitled) x_refsource_CONFIRM
(Untitled) x_refsource_CONFIRM
[db-torque-dev] 20200715 Build failed in Jenkins: Torque4-trunk #685 mailing-list
(Untitled) x_refsource_MISC
[hive-issues] 20201207 [jira] [Work started] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488 mailing-list
[hive-issues] 20201207 [jira] [Assigned] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488 mailing-list
[hive-issues] 20201207 [jira] [Updated] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488 mailing-list
[hive-dev] 20201207 [jira] [Created] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488 mailing-list
[hive-issues] 20201208 [jira] [Work logged] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488 mailing-list
[hive-issues] 20201208 [jira] [Updated] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488 mailing-list
[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list mailing-list
(Untitled) x_refsource_MISC
(Untitled) x_refsource_MISC
(Untitled) x_refsource_MISC
[hive-issues] 20210125 [jira] [Work logged] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488 mailing-list
[db-torque-dev] 20210127 Re: Items for our (delayed) quarterly report to the board? mailing-list
[db-torque-dev] 20210128 Antwort: Re: Items for our (delayed) quarterly report to the board? mailing-list
[hive-issues] 20210209 [jira] [Resolved] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488 mailing-list
[hive-dev] 20210216 [jira] [Created] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488 mailing-list
[hive-issues] 20210216 [jira] [Resolved] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488 mailing-list
[hive-issues] 20210216 [jira] [Assigned] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488 mailing-list
[hive-issues] 20210218 [jira] [Updated] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488 mailing-list
[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar mailing-list
[flink-issues] 20210510 [GitHub] [flink] zentol opened a new pull request #15879: [FLINK-22407][build] Bump log4j to 2.24.1 mailing-list
(Untitled) x_refsource_MISC
[kafka-users] 20210617 vulnerabilities mailing-list
(Untitled) x_refsource_MISC
DSA-5020 vendor-advisory
[debian-lts-announce] 20211226 [SECURITY] [DLA 2852-1] apache-log4j2 security update mailing-list
(Untitled) x_refsource_MISC
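CVSS score details
3.7
LOW
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS version: 3.1
Confidentiality
LOW
Integrity
NONE
Availability
NONE
Time information
Published:
2020-04-27 15:36:10
Modified:
2024-08-04 10:26:16
Created:
2025-11-11 15:36:30
Updated:
2025-11-11 15:55:58
Exploit information
No exploit code information available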
Data source details
Data source Record ID Version Extraction time
CVE cve_CVE-2020-9488 2025-11-11 15:20:43 2025-11-11 07:36:30
NVD nvd_CVE-2020-9488 2025-11-11 14:56:58 2025-11-11 07:44:52
CNNVD cnnvd_CNNVD-202004-2164 2025-11-11 15:10:25 2025-11-11 07:55:58
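Version and language
Current version: v3
Primary language: EN
Supported languages:
EN ZH
Security advisories
No security advisory information available
Change history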
v3 CNNVD
2025-11-11 15:55:58
  • vulnerability_type: not extracted -> Trust management issue
  • cnnvd_id: not extracted -> CNNVD-202004-2164
  • data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
v2 NVD
2025-11-11 15:44:52
  • severity: SeverityLevel.MEDIUM -> SeverityLevel.LOW
  • cvss_score: not extracted -> 3.7
  • cvss_vector: NOT_EXTRACTED -> CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
  • cvss_version: NOT_EXTRACTED -> 3.1
  • affected_products_count: 1 -> 100
  • data_sources: ['cve'] -> ['cve', 'nvd']