CVE-2018-8088

high-risk

Published 2018-03-20

org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J, has been fixed in SLF4J versions 1.7.26 later and in the 2.0.x series.

Do I need to act?

1.9% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Fix available

Upgrade to: 7a35058597b49f220b751ad56ac0b45e570c2205, d2b27fba88e983f921558da27fc29b5f5d269405

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (20)

Slf4J

Jboss Enterprise Application Platform

Virtualization

Virtualization Host

Enterprise Linux Desktop

Enterprise Linux Eus

Enterprise Linux Server

Enterprise Linux Server Aus

Enterprise Linux Server Tus

Affected Vendors

Redhat Oracle Qos

References (126)

Third Party Advisory http://www.securityfocus.com/bid/103737

Third Party Advisory http://www.securitytracker.com/id/1040627

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:0582

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:0592

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:0627

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:0628

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:0629

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:0630

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:1247

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:1248

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:1249

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:1251

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:1323

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:1447

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:1448

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:1449

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:1450

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:1451

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:1525

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:1575

and 106 more references

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 5/34 · Minimal

Exposure 23/34 · High