CVE-2020-9488 vulnerability in Apache and Other Products
Published on April 27, 2020
Vulnerability Analysis
CVE-2020-9488 is exploitable with network access and does not require authorization privileges or user interaction. This vulnerability is considered to have a high level of attack complexity. It has an exploitability score of 2.2 out of four. An exploit of this vulnerability is considered to have a small impact on confidentiality and a small impact on integrity and availability.
Improper Certificate Validation
The software does not validate, or incorrectly validates, a certificate. When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host.
Products Associated with CVE-2020-9488
What versions are vulnerable to CVE-2020-9488?
- Apache Log4j Version 2.4 (fixed in Version 2.12.3)
- Apache Log4j Version 2.13.0 (fixed in Version 2.13.2)
- Apache Log4j Version 2.0 (fixed in Version 2.3.2)
- Oracle Flexcube Private Banking Version 12.1.0
- Oracle Retail Integration Bus Version 14.1
- Oracle Flexcube Private Banking Version 12.0.0
- Oracle Flexcube Core Banking Version 5.2.0
- Oracle Retail Integration Bus Version 15.0
- Oracle Peoplesoft Enterprise Peopletools Version 8.56
- Oracle Weblogic Server Version 10.3.6.0.0
- Oracle Utilities Framework Version 4.2.0.3.0
- Oracle Utilities Framework Version 4.2.0.2.0
- Oracle Utilities Framework Version 2.2.0.0.0
- Oracle Communications Billing Revenue Management Version 12.0.0.3.0
- Oracle Communications Unified Inventory Management Version 7.4.0
- Oracle Data Integrator Version 12.2.1.3.0
- Oracle Financial Services Analytical Applications Infrastructure Version 8.0.6.0.0 through 8.1.0.0.0
- Oracle Financial Services Market Risk Measurement Management Version 8.0.6
- Oracle Financial Services Price Creation Discovery Version 8.0.7
- Oracle Jd Edwards World Security Version a9.4
- Oracle Peoplesoft Enterprise Peopletools Version 8.57
- Oracle Peoplesoft Enterprise Peopletools Version 8.58
- Oracle Policy Automation Connector Siebel Version 10.4.6
- Oracle Primavera Unifier Version 18.8
- Oracle Primavera Unifier Version 19.12
- Oracle Retail Customer Management Segmentation Foundation Version 16.0
- Oracle Retail Customer Management Segmentation Foundation Version 17.0
- Oracle Retail Customer Management Segmentation Foundation Version 18.0
- Oracle Retail Customer Management Segmentation Foundation Version 19.0
- Oracle Retail Integration Bus Version 16.0
- Oracle Utilities Framework Version 4.3.0.1.0 through 4.3.0.6.0
- Oracle Utilities Framework Version 4.4.0.0.0
- Oracle Utilities Framework Version 4.4.0.2.0
- Oracle Communications Application Session Controller Version 3.9m0p1
- Oracle Communications Billing Revenue Management Version 7.5.0.23.0
- Oracle Communications Offline Mediation Controller Version 12.0.0.3.0
- Oracle Communications Unified Inventory Management Version 7.3.0
- Oracle Enterprise Manager Peoplesoft Version 13.4.1.1
- Oracle Financial Services Institutional Performance Analytics Version 8.0.6
- Oracle Financial Services Institutional Performance Analytics Version 8.1.0
- Oracle Financial Services Institutional Performance Analytics Version 8.7.0
- Oracle Financial Services Market Risk Measurement Management Version 8.0.8
- Oracle Financial Services Market Risk Measurement Management Version 8.1.0
- Oracle Financial Services Price Creation Discovery Version 8.0.6
- Oracle Financial Services Retail Customer Analytics Version 8.0.6
- Oracle Flexcube Core Banking Version 11.5.0 through 11.7.0
- Oracle Insurance Insbridge Rating Underwriting Version 5.0.0.0 through 5.6.0.0
- Oracle Insurance Insbridge Rating Underwriting Version 5.6.1.0
- Oracle Insurance Policy Administration J2ee Version 10.2.0.37
- Oracle Insurance Policy Administration J2ee Version 10.2.4.12
- Oracle Insurance Policy Administration J2ee Version 11.0.2.25
- Oracle Insurance Policy Administration J2ee Version 11.1.0.15
- Oracle Insurance Rules Palette Version 10.2.0.37
- Oracle Insurance Rules Palette Version 10.2.4.12
- Oracle Insurance Rules Palette Version 11.0.2.25
- Oracle Insurance Rules Palette Version 11.1.0.15
- Oracle Insurance Rules Palette Version 11.2.0.26
- Oracle Policy Automation Version 12.2.0 through 12.2.20
- Oracle Policy Automation Mobile Devices Version 12.2.0 through 12.2.20
- Oracle Retail Advanced Inventory Planning Version 14.1
- Oracle Retail Assortment Planning Version 15.0.3.0
- Oracle Retail Assortment Planning Version 16.0.3.0
- Oracle Retail Bulk Data Integration Version 15.0.3.0
- Oracle Retail Bulk Data Integration Version 16.0.3.0
- Oracle Retail Order Broker Cloud Service Version 16.0
- Oracle Retail Order Broker Cloud Service Version 18.0
- Oracle Retail Order Broker Cloud Service Version 19.0
- Oracle Retail Order Broker Cloud Service Version 19.1
- Oracle Retail Order Broker Cloud Service Version 19.3
- Oracle Retail Predictive Application Server Version 14.1.3.0
- Oracle Retail Predictive Application Server Version 15.0.3.0
- Oracle Spatial And Graph Version 18c
- Oracle Spatial And Graph Version 19c
- Oracle Communications Eagle Ftp Table Base Retrieval Version 4.5
- Oracle Communications Services Gatekeeper Version 7.0
- Oracle Data Integrator Version 12.2.1.4.0
- Oracle Health Sciences Information Manager Version 3.0.1
- Oracle Insurance Policy Administration J2ee Version 11.2.0.26
- Oracle Goldengate Application Adapters Version 19.1.0.0.0
- Oracle Retail Eftlink Version 15.0.2
- Oracle Retail Eftlink Version 16.0.3
- Oracle Retail Eftlink Version 17.0.2
- Oracle Retail Eftlink Version 18.0.1
- Oracle Retail Eftlink Version 19.0.1
- Oracle Retail Insights Cloud Service Suite Version 19.0
- Oracle Retail Order Broker Cloud Service Version 19.2
- Oracle Retail Predictive Application Server Version 16.0.3.0
- Oracle Retail Xstore Point Of Service Version 15.0.4
- Oracle Retail Xstore Point Of Service Version 16.0.6
- Oracle Retail Xstore Point Of Service Version 17.0.4
- Oracle Retail Xstore Point Of Service Version 18.0.3
- Oracle Retail Xstore Point Of Service Version 19.0.2
- Oracle Siebel Apps Marketing Up to Version 21.9
- Oracle Siebel Ui Framework Up to Version 21.2
- Oracle Spatial And Graph Version 12.2.0.1
- Oracle Storagetek Acsls Version 8.5.1
- Oracle Storagetek Tape Analytics Sw Tool Version 2.3.1
- Debian Linux Version 9.0
- Debian Linux Version 10.0
- Debian Linux Version 11.0
- Qos Reload4j (fixed in Version 1.2.18.3)