9.8

CVE-2018-8088

org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J, has been fixed in SLF4J versions 1.7.26 later and in the 2.0.x series.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
QosSlf4j Version < 1.7.26
QosSlf4j Version1.8.0 Updatealpha1
QosSlf4j Version1.8.0 Updatealpha2
QosSlf4j Version1.8.0 Updatebeta1
QosSlf4j Version1.8.0 Updatebeta2
RedhatJboss Enterprise Application Platform Version7.1
   RedhatEnterprise Linux Version6.0
   RedhatEnterprise Linux Version7.0
RedhatJboss Enterprise Application Platform Version6.0.0
   RedhatEnterprise Linux Version5.0
   RedhatEnterprise Linux Version6.0
   RedhatEnterprise Linux Version7.0
RedhatJboss Enterprise Application Platform Version6.4.0
   RedhatEnterprise Linux Version5.0
   RedhatEnterprise Linux Version6.0
   RedhatEnterprise Linux Version7.0
RedhatVirtualization Version4.0
   RedhatEnterprise Linux Server Version7.0
RedhatVirtualization Host Version4.0
   RedhatEnterprise Linux Server Version7.0
RedhatEnterprise Linux Eus Version7.4
RedhatEnterprise Linux Eus Version7.5
RedhatEnterprise Linux Eus Version7.6
RedhatEnterprise Linux Eus Version7.7
OracleGoldengate Application Adapters Version12.3.2.1.0
OracleGoldengate Stream Analytics Version < 19.1.0.0.1
OracleUtilities Framework Version4.2.0.2.0
OracleUtilities Framework Version4.2.0.3.0
OracleUtilities Framework Version4.3.0.2.0
OracleUtilities Framework Version4.3.0.3.0
OracleUtilities Framework Version4.3.0.4.0
OracleUtilities Framework Version4.3.0.5.0
OracleUtilities Framework Version4.3.0.6.0
OracleUtilities Framework Version4.4.0.0.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 15.09% 0.963
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Patch
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2669
Third Party Advisory
https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E
https://www.oracle.com/security-alerts/cpujul2020.html
Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2143
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1447
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1448
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1449
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1450
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1451
Third Party Advisory
https://lists.apache.org/thread.html/r9584c4304c888f651d214341a939bd264ed30c9e3d0d30fe85097ecf%40%3Ccommits.pulsar.apache.org%3E
https://access.redhat.com/errata/RHSA-2018:2930
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1525
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1247
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1248
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1249
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1251
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3140
Third Party Advisory
http://www.securityfocus.com/bid/103737
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040627
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2018:0582
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0592
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0627
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0628
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0629
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0630
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1323
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1575
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2419
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2420
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2413
Third Party Advisory
https://github.com/qos-ch/slf4j/commit/d2b27fba88e983f921558da27fc29b5f5d269405
Patch
Third Party Advisory
https://jira.qos.ch/browse/SLF4J-430
Vendor Advisory
Issue Tracking
https://jira.qos.ch/browse/SLF4J-431
Vendor Advisory
Issue Tracking
https://lists.apache.org/thread.html/956ba8e76b6793a6670b2eb0129a5e3003ce2124ca3130fd57d48d0f%40%3Cdevnull.infra.apache.org%3E
https://lists.apache.org/thread.html/95ce76613c869dbccf1d3d29327099ccc71aeec156f76c30853044fa%40%3Cdevnull.infra.apache.org%3E
https://lists.apache.org/thread.html/r0f376559fd39cf1a53ac3afbc1fc5d62649dcac9916d4697445a94fa%40%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r1660c72a660f0522947ca6ce329dcc74e1ee20c58bbe208472754489%40%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r17e7e6abc53d29c0e269153517d36f4bec2755b95900596e6df15cbe%40%3Cnotifications.iotdb.apache.org%3E
https://lists.apache.org/thread.html/r2d05924f903403927a2f4e78d9b1249a42f0bd09f69a7c1954d74a42%40%3Creviews.iotdb.apache.org%3E
https://lists.apache.org/thread.html/r32be21da011479df41468a62bc09d12f0d3b4e3a71679d33cb0e8c56%40%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r37644f0a00aca9fbcbc21c0f9a91f927b63153ec3607be469cd515e5%40%3Creviews.iotdb.apache.org%3E
https://lists.apache.org/thread.html/r48247c12cf652e95a01fc94ee5aa8641f3ec481235774790e53eb55e%40%3Creviews.iotdb.apache.org%3E
https://lists.apache.org/thread.html/r573eb577a67503e72181eee637d9b0ac042197e632bcdfce76af06a3%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r5cf87a035b297c19f4043a37b73c341576dd92f819bd3e4aa27de541%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r767861f053c15f9e9201b939a0d508dd58475a072e76135eaaca17f0%40%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r81711cde77c2c5742b7b8533c978e79771b700af0ef4d3149d70df25%40%3Cnotifications.logging.apache.org%3E
https://lists.apache.org/thread.html/r891761d5014f9ffd79d9737482de832462de538b6c4bdcef21aad729%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r99a6552e45ca6ba1082031421f51799a4a665eda905ab2c2aa9d6ffa%40%3Cdev.flink.apache.org%3E
https://lists.apache.org/thread.html/r9e25496608036573736cee484d8d03dae400f09e443b0000b6adc042%40%3Ccommits.iotdb.apache.org%3E
https://lists.apache.org/thread.html/raabf1a00b2652575fca9fcb44166a828a0cab97a7d1594001eabc991%40%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/rc378b97d52856f9f3c5ced14771fed8357e4187a3a0f9a2f0515931a%40%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rc7de83170d3402af15bfed3d59f80aea20f250535bdce30e4cad24db%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/rd86db9679150e9297b5c0fcb6f0e80a8b81b54fcf423de5a914bca78%40%3Ccommon-commits.hadoop.apache.org%3E
https://lists.apache.org/thread.html/re6fb6b0de9d679310437ff87fc94e39da5a14dce9c73864a41837462%40%3Ccommon-commits.hadoop.apache.org%3E
https://lists.apache.org/thread.html/reb3eeb985afdead17fadb7c33d5d472c1015a85ea5c9b038ec77f378%40%3Ccommon-dev.hadoop.apache.org%3E
https://lists.apache.org/thread.html/rf58e1bee31d66665437dde9acd9abed53f8483034b69fa9ca7cde09c%40%3Cdev.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rfb45527bad7220ada9e30957762e1da254ce405e67cc3ddf6f3558d9%40%3Creviews.iotdb.apache.org%3E
https://lists.apache.org/thread.html/rfe52b7cbba4dcba521e13130e5d28d5818b78d70db0af1b470fa0264%40%3Ccommon-issues.hadoop.apache.org%3E
https://security.netapp.com/advisory/ntap-20231227-0010/
https://www.slf4j.org/news.html