CVE-2018-8088

CRITICAL

QOS.CH SLF4J <1.8.0-beta2 - Auth Bypass


Description

org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J has been fixed in SLF4J versions 1.7.26 and later and in the 2.0.x series.

References (63)

Core References
Issue Tracking, Vendor Advisory
https://jira.qos.ch/browse/SLF4J-430
Issue Tracking, Vendor Advisory
https://jira.qos.ch/browse/SLF4J-431
Third Party Advisory vendor-advisory
https://access.redhat.com/errata/RHSA-2018:1448
Third Party Advisory, VDB Entry vdb-entry
http://www.securitytracker.com/id/1040627
Third Party Advisory vendor-advisory
https://access.redhat.com/errata/RHSA-2018:1449
Third Party Advisory vendor-advisory
https://access.redhat.com/errata/RHSA-2018:1248
Third Party Advisory vendor-advisory
https://access.redhat.com/errata/RHSA-2018:1251
Third Party Advisory vendor-advisory
https://access.redhat.com/errata/RHSA-2018:2143
Third Party Advisory vendor-advisory
https://access.redhat.com/errata/RHSA-2018:1450
Third Party Advisory vendor-advisory
https://access.redhat.com/errata/RHSA-2018:2669
Third Party Advisory vendor-advisory
https://access.redhat.com/errata/RHSA-2018:1323
Third Party Advisory vendor-advisory
https://access.redhat.com/errata/RHSA-2018:2420
Third Party Advisory vendor-advisory
https://access.redhat.com/errata/RHSA-2018:0630
Third Party Advisory vendor-advisory
https://access.redhat.com/errata/RHSA-2018:1525
Third Party Advisory vendor-advisory
https://access.redhat.com/errata/RHSA-2018:1575
Third Party Advisory vendor-advisory
https://access.redhat.com/errata/RHSA-2018:1451
Third Party Advisory vendor-advisory
https://access.redhat.com/errata/RHSA-2018:0629
Third Party Advisory vendor-advisory
https://access.redhat.com/errata/RHSA-2018:0628
Third Party Advisory vendor-advisory
https://access.redhat.com/errata/RHSA-2018:0582
Third Party Advisory, VDB Entry vdb-entry
http://www.securityfocus.com/bid/103737
Third Party Advisory vendor-advisory
https://access.redhat.com/errata/RHSA-2018:2419
Third Party Advisory vendor-advisory
https://access.redhat.com/errata/RHSA-2018:1447
Third Party Advisory vendor-advisory
https://access.redhat.com/errata/RHSA-2018:1247
Third Party Advisory vendor-advisory
https://access.redhat.com/errata/RHSA-2018:0627
Third Party Advisory vendor-advisory
https://access.redhat.com/errata/RHSA-2018:2930
Third Party Advisory vendor-advisory
https://access.redhat.com/errata/RHSA-2018:1249
Third Party Advisory vendor-advisory
https://access.redhat.com/errata/RHSA-2018:0592
Third Party Advisory vendor-advisory
https://access.redhat.com/errata/RHSA-2019:2413
Third Party Advisory vendor-advisory
https://access.redhat.com/errata/RHSA-2019:3140

Scores

CVSS v3 9.8
EPSS 0.1509
EPSS Percentile 96.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Status published
Products (31)
oracle/goldengate_application_adapters 12.3.2.1.0
oracle/goldengate_stream_analytics < 19.1.0.0.1
oracle/utilities_framework 4.2.0.2.0
oracle/utilities_framework 4.2.0.3.0
oracle/utilities_framework 4.3.0.2.0
oracle/utilities_framework 4.3.0.3.0
oracle/utilities_framework 4.3.0.4.0
oracle/utilities_framework 4.3.0.5.0
oracle/utilities_framework 4.3.0.6.0
oracle/utilities_framework 4.4.0.0.0
... and 21 more
Published Mar 20, 2018
Tracked Since Feb 18, 2026