The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of SLF4J

vulnerability CVE-2018-8088

Simple Logging Facade for Java: code execution via EventData XML Deserialisation

Synthesis of the vulnerability

An attacker can use a vulnerability via EventData XML Deserialisation of Simple Logging Facade for Java, in order to run code.
Impacted products: Fedora, openSUSE Leap, RHEL, JBoss EAP by Red Hat, SLF4J, SUSE Linux Enterprise Desktop, SLES.
Severity: 3/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 26/03/2018.
Identifiers: 1548909, CVE-2018-8088, FEDORA-2018-a4353f97db, FEDORA-2018-a46b358764, openSUSE-SU-2018:1625-1, RHSA-2018:0582-01, RHSA-2018:0592-01, RHSA-2018:0627-01, RHSA-2018:0628-01, RHSA-2018:0629-01, RHSA-2018:0630-01, RHSA-2018:1247-01, RHSA-2018:1248-01, RHSA-2018:1249-01, RHSA-2018:1251-01, RHSA-2018:1447-01, RHSA-2018:1448-01, RHSA-2018:1449-01, RHSA-2018:1450-01, RHSA-2018:1451-01, RHSA-2018:1575-01, RHSA-2018:2419-01, RHSA-2018:2420-01, RHSA-2018:2669-01, RHSA-2018:2930-01, SUSE-SU-2018:1744-1, VIGILANCE-VUL-25650, ZOOKEEPER-2952.

Description of the vulnerability

An attacker can use a vulnerability via EventData XML Deserialisation of Simple Logging Facade for Java, in order to run code.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about SLF4J: