CVE-2018-8088

Published: 20/03/2018 Updated: 27/12/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J prior to 1.8.0-beta2 allows remote malicious users to bypass intended access restrictions via crafted data. The issue in EventData in the slf4j-ext module of QOS.CH SLF4J has been fixed in SLF4J versions 1.7.26 and later and in the 2.0.x series.

Vulnerable Products

qos slf4j 1.8.0

qos slf4j

redhat jboss_enterprise_application_platform 7.1

redhat jboss_enterprise_application_platform 6.0.0

redhat jboss_enterprise_application_platform 6.4.0

redhat virtualization 4.0

redhat virtualization_host 4.0

redhat enterprise linux desktop 7.0

redhat enterprise linux workstation 7.0

redhat enterprise linux server 7.0

redhat enterprise linux server aus 7.4

redhat enterprise linux server tus 7.4

redhat enterprise linux eus 7.4

redhat enterprise linux eus 7.5

redhat enterprise linux server tus 7.6

redhat enterprise linux server aus 7.6

redhat enterprise linux eus 7.6

redhat enterprise linux server aus 7.7

redhat enterprise linux server tus 7.7

redhat enterprise linux eus 7.7

oracle utilities framework 4.2.0.3.0

oracle utilities framework 4.3.0.2.0

oracle utilities framework 4.2.0.2.0

oracle utilities framework 4.3.0.3.0

oracle utilities framework 4.3.0.4.0

oracle utilities framework 4.3.0.5.0

oracle utilities framework 4.3.0.6.0

oracle utilities framework 4.4.0.0.0

oracle goldengate stream analytics

oracle goldengate application adapters 12.3.2.1.0

Vendor Advisories

Debian Bug report logs - #893684 libslf4j-java: CVE-2018-8088: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution. Package: src:libslf4j-java; Maintainer for src:libslf4j-java is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso ...
Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution: An XML deserialization vulnerability was discovered in slf4j's EventData, which accepts an XML serialized string and can lead to arbitrary code execution (CVE-2018-8088) ...
An XML deserialization vulnerability was discovered in slf4j's EventData, which accepts an XML serialized string and can lead to arbitrary code execution ...
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 6.4 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Re ...
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 6.4 security update. Type/Severity: Security Advisory: Important. Topic: Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.4 and fix three security issues, several bugs, and add various enhancements are now available fro ...
Synopsis: Important: rh-maven35-slf4j security update. Type/Severity: Security Advisory: Important. Topic: An update for rh-maven35-slf4j is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syste ...
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.1 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has r ...
Synopsis: Important: Red Hat Single Sign-On 7.2.2 security update. Type/Severity: Security Advisory: Important. Topic: Red Hat Single Sign-On 7.2.2 is now available for download from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabilit ...
Synopsis: Important: Red Hat JBoss BRMS 6.4.11 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss BRMS. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, w ...
Synopsis: Important: Red Hat Decision Manager 7.0.1 bug fix and security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat Decision Manager. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syst ...
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.1 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has r ...
Synopsis: Important: slf4j security update. Type/Severity: Security Advisory: Important. Topic: An update for slf4j is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, whi ...
Synopsis: Important: Red Hat JBoss Data Grid 7.2 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Data Grid. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base s ...
Synopsis: Important: Red Hat JBoss BPM Suite 6.4.11 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss BPM Suite. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) bas ...
Synopsis: Important: Red Hat JBoss Data Virtualization 6.4.8 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Data Virtualization. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scorin ...
Synopsis: Critical: EAP Continuous Delivery Technical Preview Release 12 security update. Type/Severity: Security Advisory: Critical. Topic: This is a security update for JBoss EAP Continuous Delivery 12.0. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerabil ...
Synopsis: Important: Red Hat Fuse 7.4.0 security update. Type/Severity: Security Advisory: Important. Topic: A minor version update (from 7.3 to 7.4) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security h ...
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 6.4.20 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a ...
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 6.4.20 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a ...
Synopsis: Important: rhvm-appliance security and enhancement update. Type/Severity: Security Advisory: Important. Topic: An update for rhvm-appliance is now available for Red Hat Virtualization 4 for RHEL-7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerab ...
Synopsis: Important: JBoss Enterprise Application Platform 7.1.2 for RHEL 7. Type/Severity: Security Advisory: Important. Topic: Updated packages that provide Red Hat JBoss Enterprise Application Platform 7.1.2 and fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Re ...
Synopsis: Important: Fuse 7.1 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat Fuse. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed s ...
Synopsis: Important: jboss-ec2-eap package for EAP 7.1.2. Type/Severity: Security Advisory: Important. Topic: An update for eap7-jboss-ec2-eap is now available for Red Hat JBoss Enterprise Application Platform 7.1.2 for Red Hat Enterprise Linux 6 and Red Hat JBoss Enterprise Application Platform 7.1.2 for Red Ha ...
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.1.2 security update. Type/Severity: Security Advisory: Important. Topic: Updated packages that provide Red Hat JBoss Enterprise Application Platform 7.1.2, fix several bugs, and add various enhancements are now available for Red Hat Enterpri ...
Synopsis: Important: eap6-jboss-ec2-eap security update. Type/Severity: Security Advisory: Important. Topic: An update for jboss-ec2-eap is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact ...
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 6.4.20 security update. Type/Severity: Security Advisory: Important. Topic: Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.4.20, fix several bugs, and add various enhancements are now available from the Red Hat Cu ...
Synopsis: Important: Red Hat JBoss Operations Network 3.3.11 security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Operations Network. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabi ...
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 6.4.20 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a ...
Synopsis: Important: JBoss Enterprise Application Platform 7.1.2 on RHEL 6. Type/Severity: Security Advisory: Important. Topic: Updated packages that provide Red Hat JBoss Enterprise Application Platform 7.1.2 and fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. Red ...

Github Repositories

Disclaimer: Notwithstanding anything that may be contained to the contrary in your agreement(s) with Sysdig, Sysdig provides no support, no updates, and no warranty or guarantee of any kind with respect to these script(s), including as to their functionality or their ability to work in your environment(s). Sysdig disclaims all liability and responsibility with respect to any us ...

Sample project for OWASP Dependency Check issue 1444. This project contains samples that demonstrate the issues reported in DC issue 1444. issue1444-faulty: This folder contains a project that shows the reported faulty behaviour when the DC plugin is configured as a reporting plugin. Running mvn site:site on this project works as expected: a dependency-check report is created and the ...

References

CWE: NVD-CWE-noinfo
https://jira.qos.ch/browse/SLF4J-431
https://jira.qos.ch/browse/SLF4J-430
https://github.com/qos-ch/slf4j/commit/d2b27fba88e983f921558da27fc29b5f5d269405
https://access.redhat.com/errata/RHSA-2018:0592
https://access.redhat.com/errata/RHSA-2018:0582
https://access.redhat.com/errata/RHSA-2018:0630
https://access.redhat.com/errata/RHSA-2018:0629
https://access.redhat.com/errata/RHSA-2018:0628
https://access.redhat.com/errata/RHSA-2018:0627
http://www.securitytracker.com/id/1040627
https://access.redhat.com/errata/RHSA-2018:1251
https://access.redhat.com/errata/RHSA-2018:1249
https://access.redhat.com/errata/RHSA-2018:1248
https://access.redhat.com/errata/RHSA-2018:1247
http://www.securityfocus.com/bid/103737
https://access.redhat.com/errata/RHSA-2018:1323
https://access.redhat.com/errata/RHSA-2018:1525
https://access.redhat.com/errata/RHSA-2018:1451
https://access.redhat.com/errata/RHSA-2018:1450
https://access.redhat.com/errata/RHSA-2018:1449
https://access.redhat.com/errata/RHSA-2018:1448
https://access.redhat.com/errata/RHSA-2018:1447
https://access.redhat.com/errata/RHSA-2018:1575
https://access.redhat.com/errata/RHSA-2018:2143
https://access.redhat.com/errata/RHSA-2018:2420
https://access.redhat.com/errata/RHSA-2018:2419
https://access.redhat.com/errata/RHSA-2018:2669
https://access.redhat.com/errata/RHSA-2018:2930
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://access.redhat.com/errata/RHSA-2019:2413
https://access.redhat.com/errata/RHSA-2019:3140
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.slf4j.org/news.html
https://lists.apache.org/thread.html/956ba8e76b6793a6670b2eb0129a5e3003ce2124ca3130fd57d48d0f%40%3Cdevnull.infra.apache.org%3E
https://lists.apache.org/thread.html/95ce76613c869dbccf1d3d29327099ccc71aeec156f76c30853044fa%40%3Cdevnull.infra.apache.org%3E
https://lists.apache.org/thread.html/reb3eeb985afdead17fadb7c33d5d472c1015a85ea5c9b038ec77f378%40%3Ccommon-dev.hadoop.apache.org%3E
https://lists.apache.org/thread.html/raabf1a00b2652575fca9fcb44166a828a0cab97a7d1594001eabc991%40%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r767861f053c15f9e9201b939a0d508dd58475a072e76135eaaca17f0%40%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/rfe52b7cbba4dcba521e13130e5d28d5818b78d70db0af1b470fa0264%40%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/rd86db9679150e9297b5c0fcb6f0e80a8b81b54fcf423de5a914bca78%40%3Ccommon-commits.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r1660c72a660f0522947ca6ce329dcc74e1ee20c58bbe208472754489%40%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/re6fb6b0de9d679310437ff87fc94e39da5a14dce9c73864a41837462%40%3Ccommon-commits.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r81711cde77c2c5742b7b8533c978e79771b700af0ef4d3149d70df25%40%3Cnotifications.logging.apache.org%3E
https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/r9584c4304c888f651d214341a939bd264ed30c9e3d0d30fe85097ecf%40%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/r17e7e6abc53d29c0e269153517d36f4bec2755b95900596e6df15cbe%40%3Cnotifications.iotdb.apache.org%3E
https://lists.apache.org/thread.html/r37644f0a00aca9fbcbc21c0f9a91f927b63153ec3607be469cd515e5%40%3Creviews.iotdb.apache.org%3E
https://lists.apache.org/thread.html/r2d05924f903403927a2f4e78d9b1249a42f0bd09f69a7c1954d74a42%40%3Creviews.iotdb.apache.org%3E
https://lists.apache.org/thread.html/r48247c12cf652e95a01fc94ee5aa8641f3ec481235774790e53eb55e%40%3Creviews.iotdb.apache.org%3E
https://lists.apache.org/thread.html/r0f376559fd39cf1a53ac3afbc1fc5d62649dcac9916d4697445a94fa%40%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r32be21da011479df41468a62bc09d12f0d3b4e3a71679d33cb0e8c56%40%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rf58e1bee31d66665437dde9acd9abed53f8483034b69fa9ca7cde09c%40%3Cdev.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rc378b97d52856f9f3c5ced14771fed8357e4187a3a0f9a2f0515931a%40%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rfb45527bad7220ada9e30957762e1da254ce405e67cc3ddf6f3558d9%40%3Creviews.iotdb.apache.org%3E
https://lists.apache.org/thread.html/r9e25496608036573736cee484d8d03dae400f09e443b0000b6adc042%40%3Ccommits.iotdb.apache.org%3E
https://lists.apache.org/thread.html/r99a6552e45ca6ba1082031421f51799a4a665eda905ab2c2aa9d6ffa%40%3Cdev.flink.apache.org%3E
https://lists.apache.org/thread.html/r573eb577a67503e72181eee637d9b0ac042197e632bcdfce76af06a3%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r891761d5014f9ffd79d9737482de832462de538b6c4bdcef21aad729%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/rc7de83170d3402af15bfed3d59f80aea20f250535bdce30e4cad24db%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r5cf87a035b297c19f4043a37b73c341576dd92f819bd3e4aa27de541%40%3Cissues.flink.apache.org%3E
https://security.netapp.com/advisory/ntap-20231227-0010/
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893684
https://nvd.nist.gov
https://alas.aws.amazon.com/AL2/ALAS-2018-999.html