CVE-2018-8088: Improper Access Control in SLF4J

CVSS Score: 9.8

Basic Information

EPSS Score: -
Published: 5/13/2022
Updated: 12/29/2023
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name | Ecosystem | Vulnerable Versions | First Patched Version
org.slf4j:slf4j-ext | maven | <= 1.7.25 | 1.7.26
org.slf4j:slf4j-ext | maven | >= 1.8.0-alpha0, <= 1.8.0-beta2 | 1.8.0-beta4

Vulnerability Intelligence
Root Cause Analysis

The EventData class in the slf4j-ext module was identified as the source of the vulnerability. The patch added a deprecation notice to this class, indicating that it will be removed due to a security vulnerability.

WAF Protection Rules

WAF Rule

org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before `*.*.*-**t**` allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J, has been fixed in SLF4J version `
