Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
apache log4j |
||
oracle communications application session controller 3.9m0p1 |
||
oracle communications billing and revenue management 7.5.0.23.0 |
||
oracle communications billing and revenue management 12.0.0.3.0 |
||
oracle communications eagle ftp table base retrieval 4.5 |
||
oracle communications offline mediation controller 12.0.0.3.0 |
||
oracle communications services gatekeeper 7.0 |
||
oracle communications unified inventory management 7.3.0 |
||
oracle communications unified inventory management 7.4.0 |
||
oracle data integrator 12.2.1.3.0 |
||
oracle data integrator 12.2.1.4.0 |
||
oracle enterprise manager for peoplesoft 13.4.1.1 |
||
oracle financial services analytical applications infrastructure |
||
oracle financial services institutional performance analytics 8.0.6 |
||
oracle financial services institutional performance analytics 8.1.0 |
||
oracle financial services institutional performance analytics 8.7.0 |
||
oracle financial services market risk measurement and management 8.0.6 |
||
oracle financial services market risk measurement and management 8.0.8 |
||
oracle financial services market risk measurement and management 8.1.0 |
||
oracle financial services price creation and discovery 8.0.6 |
||
oracle financial services price creation and discovery 8.0.7 |
||
oracle financial services retail customer analytics 8.0.6 |
||
oracle flexcube core banking |
||
oracle flexcube core banking 5.2.0 |
||
oracle flexcube private banking 12.0.0 |
||
oracle flexcube private banking 12.1.0 |
||
oracle health sciences information manager 3.0.1 |
||
oracle insurance insbridge rating and underwriting |
||
oracle insurance insbridge rating and underwriting 5.6.1.0 |
||
oracle insurance policy administration j2ee 10.2.0.37 |
||
oracle insurance policy administration j2ee 10.2.4.12 |
||
oracle insurance policy administration j2ee 11.0.2.25 |
||
oracle insurance policy administration j2ee 11.1.0.15 |
||
oracle insurance policy administration j2ee 11.2.0.26 |
||
oracle insurance rules palette 10.2.0.37 |
||
oracle insurance rules palette 10.2.4.12 |
||
oracle insurance rules palette 11.0.2.25 |
||
oracle insurance rules palette 11.1.0.15 |
||
oracle insurance rules palette 11.2.0.26 |
||
oracle jd edwards world security a9.4 |
||
oracle oracle goldengate application adapters 19.1.0.0.0 |
||
oracle peoplesoft enterprise peopletools 8.56 |
||
oracle peoplesoft enterprise peopletools 8.57 |
||
oracle peoplesoft enterprise peopletools 8.58 |
||
oracle policy automation |
||
oracle policy automation connector for siebel 10.4.6 |
||
oracle policy automation for mobile devices |
||
oracle primavera unifier 18.8 |
||
oracle primavera unifier 19.12 |
||
oracle retail advanced inventory planning 14.1 |
||
oracle retail assortment planning 15.0.3.0 |
||
oracle retail assortment planning 16.0.3.0 |
||
oracle retail bulk data integration 15.0.3.0 |
||
oracle retail bulk data integration 16.0.3.0 |
||
oracle retail customer management and segmentation foundation 16.0 |
||
oracle retail customer management and segmentation foundation 17.0 |
||
oracle retail customer management and segmentation foundation 18.0 |
||
oracle retail customer management and segmentation foundation 19.0 |
||
oracle retail eftlink 15.0.2 |
||
oracle retail eftlink 16.0.3 |
||
oracle retail eftlink 17.0.2 |
||
oracle retail eftlink 18.0.1 |
||
oracle retail eftlink 19.0.1 |
||
oracle retail insights cloud service suite 19.0 |
||
oracle retail integration bus 14.1 |
||
oracle retail integration bus 15.0 |
||
oracle retail integration bus 16.0 |
||
oracle retail order broker cloud service 16.0 |
||
oracle retail order broker cloud service 18.0 |
||
oracle retail order broker cloud service 19.0 |
||
oracle retail order broker cloud service 19.1 |
||
oracle retail order broker cloud service 19.2 |
||
oracle retail order broker cloud service 19.3 |
||
oracle retail predictive application server 14.1.3.0 |
||
oracle retail predictive application server 15.0.3.0 |
||
oracle retail predictive application server 16.0.3.0 |
||
oracle retail xstore point of service 15.0.4 |
||
oracle retail xstore point of service 16.0.6 |
||
oracle retail xstore point of service 17.0.4 |
||
oracle retail xstore point of service 18.0.3 |
||
oracle retail xstore point of service 19.0.2 |
||
oracle siebel apps - marketing |
||
oracle siebel ui framework |
||
oracle spatial and graph 12.2.0.1 |
||
oracle spatial and graph 18c |
||
oracle spatial and graph 19c |
||
oracle storagetek acsls 8.5.1 |
||
oracle storagetek tape analytics sw tool 2.3.1 |
||
oracle utilities framework |
||
oracle utilities framework 2.2.0.0.0 |
||
oracle utilities framework 4.2.0.2.0 |
||
oracle utilities framework 4.2.0.3.0 |
||
oracle utilities framework 4.4.0.0.0 |
||
oracle utilities framework 4.4.0.2.0 |
||
oracle weblogic server 10.3.6.0.0 |
||
debian debian linux 9.0 |
||
debian debian linux 10.0 |
||
debian debian linux 11.0 |
||
qos reload4j |
Get our weekly newsletter Plus: Ransomware gangster sentenced, Dell patches more Log4j bugs, and cartoon apes gone bad
In Brief Triton malware remains a threat to the global energy sector, according to an FBI warning. Triton is the software nasty used in a 2017 cyber attack carried out by a Russian government-backed research institution against a Middle East petrochemical facility. The new FBI warning [PDF] came a day after the US Department of Justice unsealed a pair of indictments that detail alleged Russian government efforts to use supply chain attacks and malware in an attempt to compromise and control crit...
Vulmon