CVE-2020-9488
Published at:
-
27-04-2020 06:15
Last modified:
-
12-05-2022 05:00
Total changes:
-
25
Description
Common Vulnerability Scoring System (CVSS)
High
Attack complexity
Network
Attack vector
None
Availability
Low
Confidentiality
None
Integrity
None
Privileges required
Unchanged
Scope
None
User interaction
3.7
Base score
2.2
1.4
Exploitability score
Impact score
Verification logic
Reference
- https://issues.apache.org/jira/browse/LOG4J2-2819
- [zookeeper-issues] 20200504 [jira] [Created] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488-Mailing List, Vendor Advisory
- [zookeeper-dev] 20200504 [jira] [Created] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488-Mailing List, Vendor Advisory
- https://security.netapp.com/advisory/ntap-20200504-0003/
- [zookeeper-notifications] 20200504 Build failed in Jenkins: zookeeper-master-maven-owasp #489-Mailing List, Vendor Advisory
- [zookeeper-issues] 20200504 [jira] [Commented] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488-Mailing List, Vendor Advisory
- [zookeeper-dev] 20200504 log4j SmtpAppender related CVE-Mailing List, Vendor Advisory
- [zookeeper-issues] 20200504 [jira] [Assigned] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488-Mailing List, Vendor Advisory
- [zookeeper-notifications] 20200504 [GitHub] [zookeeper] symat opened a new pull request #1346: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488-Mailing List, Vendor Advisory
- [zookeeper-issues] 20200504 [jira] [Updated] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488-Mailing List, Vendor Advisory
- [zookeeper-commits] 20200504 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488-Mailing List, Patch, Vendor Advisory
- [zookeeper-notifications] 20200504 [GitHub] [zookeeper] symat commented on pull request #1346: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488-Mailing List, Vendor Advisory
- [zookeeper-commits] 20200504 [zookeeper] branch master updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488-Mailing List, Patch, Vendor Advisory
- [zookeeper-commits] 20200504 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488-Mailing List, Patch, Vendor Advisory
- [zookeeper-issues] 20200504 [jira] [Resolved] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488-Mailing List, Vendor Advisory
- [kafka-dev] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities-Mailing List, Vendor Advisory
- [kafka-jira] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities-Mailing List, Vendor Advisory
- [kafka-dev] 20200514 [jira] [Created] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488-Mailing List, Vendor Advisory
- [kafka-jira] 20200514 [jira] [Created] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488-Mailing List, Vendor Advisory
- [kafka-jira] 20200515 [jira] [Commented] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488-Mailing List, Vendor Advisory
- https://www.oracle.com/security-alerts/cpujul2020.html
- [db-torque-dev] 20200715 Build failed in Jenkins: Torque4-trunk #685-Mailing List, Vendor Advisory
- https://www.oracle.com/security-alerts/cpuoct2020.html
- [hive-issues] 20201207 [jira] [Updated] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488-Mailing List, Vendor Advisory
- [hive-dev] 20201207 [jira] [Created] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488-Mailing List, Vendor Advisory
- [hive-issues] 20201207 [jira] [Assigned] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488-Mailing List, Vendor Advisory
- [hive-issues] 20201207 [jira] [Work started] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488-Mailing List, Vendor Advisory
- [hive-issues] 20201208 [jira] [Work logged] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488-Mailing List, Vendor Advisory
- [hive-issues] 20201208 [jira] [Updated] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488-Mailing List, Vendor Advisory
- https://lists.apache.org/thread.html/re024d86dffa72ad800f2848d0c77ed93f0b78ee808350b477a6ed987@%3Cgitbox.hive.apache.org%3E
- [pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list-Mailing List, Vendor Advisory
- https://lists.apache.org/thread.html/rbc7642b9800249553f13457e46b813bea1aec99d2bc9106510e00ff3@%3Ctorque-dev.db.apache.org%3E
- https://www.oracle.com/security-alerts/cpujan2021.html
- [hive-issues] 20210125 [jira] [Work logged] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488-Issue Tracking, Mailing List, Vendor Advisory
- [db-torque-dev] 20210127 Re: Items for our (delayed) quarterly report to the board?-Mailing List, Vendor Advisory
- [db-torque-dev] 20210128 Antwort: Re: Items for our (delayed) quarterly report to the board?-Mailing List, Vendor Advisory
- [hive-issues] 20210209 [jira] [Resolved] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488-Mailing List, Vendor Advisory
- [hive-issues] 20210216 [jira] [Resolved] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488-Mailing List, Vendor Advisory
- [hive-dev] 20210216 [jira] [Created] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488-Mailing List, Vendor Advisory
- [hive-issues] 20210216 [jira] [Assigned] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488-Mailing List, Vendor Advisory
- [hive-issues] 20210218 [jira] [Updated] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488-Mailing List, Vendor Advisory
- [mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar-Mailing List, Vendor Advisory
- [flink-issues] 20210510 [GitHub] [flink] zentol opened a new pull request #15879: [FLINK-22407][build] Bump log4j to 2.24.1-Mailing List, Vendor Advisory
- https://www.oracle.com/security-alerts/cpuApr2021.html
- [kafka-users] 20210617 vulnerabilities-Mailing List, Vendor Advisory
- https://www.oracle.com/security-alerts/cpuoct2021.html
- DSA-5020-Third Party Advisory
- [debian-lts-announce] 20211226 [SECURITY] [DLA 2852-1] apache-log4j2 security update-Mailing List, Third Party Advisory
- https://www.oracle.com/security-alerts/cpuapr2022.html
Keywords