CVE-2018-8088
Description
org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J, has been fixed in SLF4J versions 1.7.26 later and in the 2.0.x series.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.836
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities are affected in Oracle WebLogic Server 12.1.3.0.0 | Windows |
| Vulnerabilities CVE-2018-8088 are fixed in SLF4J-slf4j-ext 1.7.26 | Windows |
| Vulnerabilities CVE-2018-8088 are fixed in SLF4J-slf4j-ext 1.8.0 | Windows |
| Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 6.0.0 | Windows |
| Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 6.4.0 | Windows |
| Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 7.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.11.0.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.11.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.10.4 | Windows |
| Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.10.5.2 | Windows |
| Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.12.0.1 | Windows |
| Slf4j security update (CESA-2018:0592) slf4j-1.7.4-4.el7_4.noarch.rpm | Linux |
| Slf4j security update (CESA-2018:0592) slf4j-manual-1.7.4-4.el7_4.noarch.rpm | Linux |
| Slf4j security update (CESA-2018:0592) slf4j-javadoc-1.7.4-4.el7_4.noarch.rpm | Linux |
| (RHSA-2018:0592) Important: slf4j security update slf4j-1.7.4-4.el7_4.noarch.rpm | Linux |
| (RHSA-2018:0592) Important: slf4j security update slf4j-javadoc-1.7.4-4.el7_4.noarch.rpm | Linux |
| (RHSA-2018:0592) Important: slf4j security update slf4j-manual-1.7.4-4.el7_4.noarch.rpm | Linux |
| Slf4j update (ELSA-2018-0592) slf4j-1.7.4-4.el7_4.noarch.rpm | Linux |
| Slf4j-javadoc update (ELSA-2018-0592) slf4j-javadoc-1.7.4-4.el7_4.noarch.rpm | Linux |
| Slf4j-manual update (ELSA-2018-0592) slf4j-manual-1.7.4-4.el7_4.noarch.rpm | Linux |
| Apache-commons-collections update (ELSA-2024-3061) apache-commons-collections-3.2.2-10.module+el8.10.0+90302+23fbc0c1.noarch.rpm | Linux |
| Apache-commons-lang update (ELSA-2024-3061) apache-commons-lang-2.6-21.module+el8.10.0+90302+23fbc0c1.noarch.rpm | Linux |
| Apache-commons-net update (ELSA-2024-3061) apache-commons-net-3.6-3.module+el8.10.0+90302+23fbc0c1.noarch.rpm | Linux |
| Bea-stax-api update (ELSA-2024-3061) bea-stax-api-1.2.0-16.module+el8.10.0+90302+23fbc0c1.noarch.rpm | Linux |
| Fasterxml-oss-parent update (ELSA-2024-3061) fasterxml-oss-parent-49-1.module+el8.10.0+90302+23fbc0c1.noarch.rpm | Linux |
| Glassfish-fastinfoset update (ELSA-2024-3061) glassfish-fastinfoset-1.2.13-9.module+el8.10.0+90302+23fbc0c1.noarch.rpm | Linux |
| Glassfish-jaxb-api update (ELSA-2024-3061) glassfish-jaxb-api-2.2.12-8.module+el8.10.0+90302+23fbc0c1.noarch.rpm | Linux |
| Glassfish-jaxb-core update (ELSA-2024-3061) glassfish-jaxb-core-2.2.11-12.module+el8.10.0+90302+23fbc0c1.noarch.rpm | Linux |
| Glassfish-jaxb-runtime update (ELSA-2024-3061) glassfish-jaxb-runtime-2.2.11-12.module+el8.10.0+90302+23fbc0c1.noarch.rpm | Linux |
| Glassfish-jaxb-txw2 update (ELSA-2024-3061) glassfish-jaxb-txw2-2.2.11-12.module+el8.10.0+90302+23fbc0c1.noarch.rpm | Linux |
| Idm-jss update (ELSA-2024-3061) idm-jss-4.11.0-1.module+el8.10.0+90282+4ef18d4b.x86_64.rpm | Linux |
| Idm-jss-javadoc update (ELSA-2024-3061) idm-jss-javadoc-4.11.0-1.module+el8.10.0+90282+4ef18d4b.x86_64.rpm | Linux |
| Idm-ldapjdk update (ELSA-2024-3061) idm-ldapjdk-4.24.0-1.module+el8.10.0+90282+4ef18d4b.noarch.rpm | Linux |
| Idm-ldapjdk-javadoc update (ELSA-2024-3061) idm-ldapjdk-javadoc-4.24.0-1.module+el8.10.0+90282+4ef18d4b.noarch.rpm | Linux |
| Idm-pki-acme update (ELSA-2024-3061) idm-pki-acme-10.15.0-1.0.1.module+el8.10.0+90282+4ef18d4b.noarch.rpm | Linux |
| Idm-pki-base update (ELSA-2024-3061) idm-pki-base-10.15.0-1.0.1.module+el8.10.0+90282+4ef18d4b.noarch.rpm | Linux |
| Idm-pki-base-java update (ELSA-2024-3061) idm-pki-base-java-10.15.0-1.0.1.module+el8.10.0+90282+4ef18d4b.noarch.rpm | Linux |
| Idm-pki-ca update (ELSA-2024-3061) idm-pki-ca-10.15.0-1.0.1.module+el8.10.0+90282+4ef18d4b.noarch.rpm | Linux |
| Idm-pki-kra update (ELSA-2024-3061) idm-pki-kra-10.15.0-1.0.1.module+el8.10.0+90282+4ef18d4b.noarch.rpm | Linux |
| Idm-pki-server update (ELSA-2024-3061) idm-pki-server-10.15.0-1.0.1.module+el8.10.0+90282+4ef18d4b.noarch.rpm | Linux |
| Idm-pki-symkey update (ELSA-2024-3061) idm-pki-symkey-10.15.0-1.0.1.module+el8.10.0+90282+4ef18d4b.x86_64.rpm | Linux |
| Idm-pki-tools update (ELSA-2024-3061) idm-pki-tools-10.15.0-1.0.1.module+el8.10.0+90282+4ef18d4b.x86_64.rpm | Linux |
| Idm-tomcatjss update (ELSA-2024-3061) idm-tomcatjss-7.8.0-1.module+el8.10.0+90282+4ef18d4b.noarch.rpm | Linux |
| Jackson-annotations update (ELSA-2024-3061) jackson-annotations-2.14.2-1.module+el8.10.0+90302+23fbc0c1.noarch.rpm | Linux |
| Jackson-bom update (ELSA-2024-3061) jackson-bom-2.14.2-1.module+el8.10.0+90302+23fbc0c1.noarch.rpm | Linux |
| Jackson-core update (ELSA-2024-3061) jackson-core-2.14.2-1.module+el8.10.0+90302+23fbc0c1.noarch.rpm | Linux |
| Jackson-databind update (ELSA-2024-3061) jackson-databind-2.14.2-1.module+el8.10.0+90302+23fbc0c1.noarch.rpm | Linux |
| Jackson-jaxrs-json-provider update (ELSA-2024-3061) jackson-jaxrs-json-provider-2.14.2-1.module+el8.10.0+90302+23fbc0c1.noarch.rpm | Linux |
| Jackson-jaxrs-providers update (ELSA-2024-3061) jackson-jaxrs-providers-2.14.2-1.module+el8.10.0+90302+23fbc0c1.noarch.rpm | Linux |
| Jackson-module-jaxb-annotations update (ELSA-2024-3061) jackson-module-jaxb-annotations-2.14.2-2.module+el8.10.0+90302+23fbc0c1.noarch.rpm | Linux |
| Jackson-modules-base update (ELSA-2024-3061) jackson-modules-base-2.14.2-2.module+el8.10.0+90302+23fbc0c1.noarch.rpm | Linux |
| Jackson-parent update (ELSA-2024-3061) jackson-parent-2.14-1.module+el8.10.0+90302+23fbc0c1.noarch.rpm | Linux |
| Jakarta-commons-httpclient update (ELSA-2024-3061) jakarta-commons-httpclient-3.1-28.module+el8.10.0+90302+23fbc0c1.noarch.rpm | Linux |
| Javassist update (ELSA-2024-3061) javassist-3.18.1-8.module+el8.10.0+90302+23fbc0c1.noarch.rpm | Linux |
| Javassist-javadoc update (ELSA-2024-3061) javassist-javadoc-3.18.1-8.module+el8.10.0+90302+23fbc0c1.noarch.rpm | Linux |
| Pki-servlet-engine update (ELSA-2024-3061) pki-servlet-engine-9.0.62-1.module+el8.10.0+90302+23fbc0c1.noarch.rpm | Linux |
| Python3-idm-pki update (ELSA-2024-3061) python3-idm-pki-10.15.0-1.0.1.module+el8.10.0+90282+4ef18d4b.noarch.rpm | Linux |
| RelaxngDatatype update (ELSA-2024-3061) relaxngDatatype-2011.1-7.module+el8.10.0+90302+23fbc0c1.noarch.rpm | Linux |
| Resteasy update (ELSA-2024-3061) resteasy-3.0.26-7.module+el8.10.0+90282+4ef18d4b.noarch.rpm | Linux |
| Resteasy-javadoc update (ELSA-2024-3061) resteasy-javadoc-3.0.26-7.module+el8.10.0+90282+4ef18d4b.noarch.rpm | Linux |
| Slf4j update (ELSA-2024-3061) slf4j-1.7.25-4.module+el8.10.0+90302+23fbc0c1.noarch.rpm | Linux |
| Slf4j-jdk14 update (ELSA-2024-3061) slf4j-jdk14-1.7.25-4.module+el8.10.0+90302+23fbc0c1.noarch.rpm | Linux |
| Stax-ex update (ELSA-2024-3061) stax-ex-1.7.7-8.module+el8.10.0+90302+23fbc0c1.noarch.rpm | Linux |
| Velocity update (ELSA-2024-3061) velocity-1.7-24.module+el8.10.0+90302+23fbc0c1.noarch.rpm | Linux |
| Xalan-j2 update (ELSA-2024-3061) xalan-j2-2.7.1-38.module+el8.10.0+90302+23fbc0c1.noarch.rpm | Linux |
| Xerces-j2 update (ELSA-2024-3061) xerces-j2-2.11.0-34.module+el8.10.0+90302+23fbc0c1.noarch.rpm | Linux |
| Xml-commons-apis update (ELSA-2024-3061) xml-commons-apis-1.4.01-25.module+el8.10.0+90302+23fbc0c1.noarch.rpm | Linux |
| Xml-commons-resolver update (ELSA-2024-3061) xml-commons-resolver-1.2-26.module+el8.10.0+90302+23fbc0c1.noarch.rpm | Linux |
| Xmlstreambuffer update (ELSA-2024-3061) xmlstreambuffer-1.5.4-8.module+el8.10.0+90302+23fbc0c1.noarch.rpm | Linux |
| Xsom update (ELSA-2024-3061) xsom-0-19.20110809svn.module+el8.10.0+90302+23fbc0c1.noarch.rpm | Linux |
| slf4j Security Update (ALAS-2018-999) slf4j-1.7.4-4.amzn2.noarch.rpm | Linux |
| slf4j Security Update (ALAS-2018-999) slf4j-manual-1.7.4-4.amzn2.noarch.rpm | Linux |
| slf4j Security Update (ALAS-2018-999) slf4j-javadoc-1.7.4-4.amzn2.noarch.rpm | Linux |
| Vulnerabilities CVE-2018-8088 are fixed in SLF4J-slf4j-ext for Linux 1.7.26 | Linux |
| Vulnerabilities CVE-2018-8088 are fixed in SLF4J-slf4j-ext for Linux 1.8.0 | Linux |
| CVE-2018-8088 | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234