SUSE CVE-2020-9488

🗓️ 15 Feb 2023 04:00:53Reported by Suse CVEType

susecve

susecve🔗 www.suse.com👁 1 Views

SUSE CVE-2020-9488 fixes host name validation in Apache Log4j SMTP appender to prevent man-in-the-middle attacks.

Reporter	Title	Published	Views	Family All 132
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in dependent libraries affect IBM® Db2® leading to denial of service or privilege escalation.	23 Jun 202118:01	–	ibm
IBM Security Bulletins	Security Bulletin: An IBM QRadar SIEM SNMP protocol is vulnerable to a denial of service, SQL injection and could allow a remote attacker to execute arbitrary code on the system.	15 May 202408:35	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities found in open source code that is shipped with IBM Security Verify Governance, Identity Manager virtual appliance component	20 Jul 202215:54	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in Apache Log4j may affect Cúram Social Program Management (CVE-2020-9488)	25 Nov 202117:45	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities from log4j affect IBM Operations Analytics - Log Analysis (CVE-2019-17571, CVE-2020-9488)	17 Nov 202207:52	–	ibm
IBM Security Bulletins	Security Bulletin: Order Management could be subject to Log4j 1.x vulnerability that could be exploited to remotely execute arbitrary code .	12 Apr 202417:42	–	ibm
IBM Security Bulletins	Security Bulletin: Apache Log4j Vulnerability Affects IBM Control Center (CVE-2020-9488)	30 Jul 202105:03	–	ibm
IBM Security Bulletins	Security Bulletin: A vulnerability was identified and remediated in the IBM MaaS360 Cloud Extender (CVE-2020-9488)	13 Jan 202114:58	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM DevOps Build.	3 Mar 202607:23	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Spectrum LSF Suite and IBM Platform Process Manager are vulnerable to arbitrary code execution and denial of service due to Apache Log4j (CVE-2021-4104, CVE-2020-9488, CVE-2022-23302, CVE-2022-23307, CVE-2022-23305)	22 Jun 202222:12	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
OpenSUSE Tumbleweed	–	any	log4j	2.13.2-1.9	log4j-2.13.2-1.9.noarch.rpm
SUSE Linux Enterprise Desktop	15.4	any	log4j	2.17.1-4.20.1	log4j-2.17.1-4.20.1.noarch.rpm
SUSE Linux Enterprise Server	15.4	any	log4j	2.17.1-4.20.1	log4j-2.17.1-4.20.1.noarch.rpm
SUSE Linux Enterprise Server for SAP applications	15.4	any	log4j	2.17.1-4.20.1	log4j-2.17.1-4.20.1.noarch.rpm
SUSE Linux Enterprise Desktop	15.5	any	log4j	2.17.2-150200.4.24.13	log4j-2.17.2-150200.4.24.13.noarch.rpm
SUSE Linux Enterprise Server	15.5	any	log4j	2.17.2-150200.4.24.13	log4j-2.17.2-150200.4.24.13.noarch.rpm
SUSE Linux Enterprise Server for SAP applications	15.5	any	log4j	2.17.2-150200.4.24.13	log4j-2.17.2-150200.4.24.13.noarch.rpm
SUSE Linux Enterprise Desktop	15.6	any	log4j	2.17.2-150200.4.27.45	log4j-2.17.2-150200.4.27.45.noarch.rpm
SUSE Linux Enterprise Desktop	15.7	any	log4j	2.17.2-150200.4.27.45	log4j-2.17.2-150200.4.27.45.noarch.rpm
SUSE Linux Enterprise Server	15.6	any	log4j	2.17.2-150200.4.27.45	log4j-2.17.2-150200.4.27.45.noarch.rpm

Source	Link
suse	www.suse.com/security/cve/CVE-2020-9488
suse	www.suse.com/support/security/rating/
bugzilla	www.bugzilla.suse.com/1170535

16 Jul 2025 02:29Current

8.5High risk

Vulners AI Score8.5

CVSS 3.13.7

EPSS0.00037

SUSE CVE 2020 9488 host name validation log4j smtp appender man-in-the-middle