Is CVE-2020-9488 being actively exploited?

It is not currently in CISA's KEV catalog. Its EPSS exploitation probability is 8%.

What products does CVE-2020-9488 affect?

Tracked products affected include PeopleSoft Enterprise PeopleTools. Check the version you run to see whether it is affected.

How do I fix CVE-2020-9488?

Apply the vendor fix in your normal patch cycle. An official patch or advisory is available. Upgrade affected products to a fixed version.

← All products

CVE-2020-9488

Q: What is CVE-2020-9488?

CVE-2020-9488 is a low-severity software vulnerability (CWE-295) with a CVSS score of 3.7. Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in

LOW severity · CVSS 3.7 · CWE-295

3.7CVSS LOW

Summary

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1

Impact & exploitability

Attack vectorNetwork

Attack complexityHigh

Privileges requiredNone

User interactionNone

Confidentiality impactLow

Integrity impactNone

Availability impactNone

Exploit probability (EPSS)8%

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected products we track (1)

PeopleSoft Enterprise PeopleTools

Recommendation

Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.

Official patch: https://issues.apache.org/jira/browse/LOG4J2-2819 ↗

Additional information

NVD record
https://issues.apache.org/jira/browse/LOG4J2-2819Patch
https://lists.apache.org/thread.html/r0a2699f724156a558afd1abb6c044fb9132caa66dce861b82699722a%40%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/r0df3d7a5acb98c57e64ab9266aa21eeee1d9b399addb96f9cf1cbe05%40%3Cdev.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r1fc73f0e16ec2fa249d3ad39a5194afb9cc5afb4c023dc0bab5a5881%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r22a56beb76dd8cf18e24fda9072f1e05990f49d6439662d3782a392f%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe%40%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/r2f209d271349bafd91537a558a279c08ebcff8fa3e547357d58833e6%40%3Cdev.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r33864a0fc171c1c4bf680645ebb6d4f8057899ab294a43e1e4fe9d04%40%3Cissues.hive.apache.org%3E