H3C Security Vulnerability-Log Component SLF4J Security Vulnerability - CVE-2018-8088
04-02-2021【Summary】
Recently, the log component SLF4J exposed a security vulnerability, the vulnerability number is CVE-2018-8088.
【Impact】
org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 may cause remote attackers to bypass intended access restrictions via crafted data.
【Software Versions and Fixes】
Product Name | Affected Version | Resolved Product and Version |
iMC PLAT | All | Upgrade to iMC PLAT 7.3 (E0605P04) |
SecPath GAP2000(Gatekeeper) | All | TBC Before Sep 30,2018 |
SecPath X-Scan Leak System | All | TBC Before Sep 30,2018 |
【Temporary Fix】
None
【Revision History】
2018-07-04 V1.0 INITIAL
2018-08-31 V1.0 UPDATE
H3C advocates that every effort be made to safeguard the ultimate interests of product users, to abide by principles of responsible disclosure of security incidents, and to handle product security issues in accordance with security issues mechanisms. For information on H3C's security emergency response service and H3C product vulnerabilities, please visithttps://www.h3c.com/en/Support/Online_Help/psirt/.