CVE-2022-23307

CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.

Published: Jan 18, 2022
Updated: May 9, 2024
CVE: CVE-2022-23307
GHSA: GHSA-f7vh-qwp3-x37m
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 9
AV:N/AC:L/Au:S/C:C/I:C/A:C

CWEs:

CWE-502

OWASP TOP 10:

A8 - Insecure Deserialization

Affected Software
References

Software	From	Fixed in
apache / chainsaw	-	2.1.0
apache / log4j	1.2	2.0
qos / reload4j	-	1.2.18.1
oracle / weblogic_server	12.2.1.3.0	12.2.1.3.0.x
oracle / business_intelligence	12.2.1.3.0	12.2.1.3.0.x
oracle / business_process_management_suite	12.2.1.3.0	12.2.1.3.0.x
oracle / jdeveloper	12.2.1.3.0	12.2.1.3.0.x
oracle / identity_management_suite	12.2.1.3.0	12.2.1.3.0.x
oracle / business_intelligence	12.2.1.4.0	12.2.1.4.0.x
oracle / weblogic_server	12.2.1.4.0	12.2.1.4.0.x
oracle / weblogic_server	14.1.1.0.0	14.1.1.0.0.x
oracle / enterprise_manager_base_platform	13.4.0.0	13.4.0.0.x
oracle / communications_network_integrity	7.3.6	7.3.6.x
oracle / business_process_management_suite	12.2.1.4.0	12.2.1.4.0.x
oracle / advanced_supply_chain_planning	12.2	12.2.x
oracle / advanced_supply_chain_planning	12.1	12.1.x
oracle / communications_unified_inventory_management	7.4.1	7.4.1.x
oracle / enterprise_manager_base_platform	13.5.0.0	13.5.0.0.x
oracle / communications_messaging_server	8.1	8.1.x
oracle / business_intelligence	5.9.0.0.0	5.9.0.0.0.x
oracle / healthcare_foundation	8.1.0	8.1.0.x
oracle / communications_eagle_ftp_table_base_retrieval	4.5	4.5.x
oracle / retail_extract_transform_and_load	13.2.5	13.2.5.x
oracle / identity_manager_connector	11.1.1.5.0	11.1.1.5.0.x
oracle / communications_unified_inventory_management	7.4.2	7.4.2.x
oracle / communications_instant_messaging_server	10.0.1.5.0	10.0.1.5.0.x
oracle / middleware_common_libraries_and_tools	12.2.1.4.0	12.2.1.4.0.x
oracle / identity_management_suite	12.2.1.4.0	12.2.1.4.0.x
oracle / financial_services_revenue_management_and_billing_analytics	2.7.0.0	2.7.0.0.x
oracle / hyperion_data_relationship_management	-	11.2.8.0
oracle / financial_services_revenue_management_and_billing_analytics	2.8.0.0	2.8.0.0.x
oracle / mysql_enterprise_monitor	-	8.0.29.x
oracle / hyperion_infrastructure_technology	-	11.2.8.0
oracle / tuxedo	12.2.2.0.0	12.2.2.0.0.x
oracle / e-business_suite_cloud_manager_and_cloud_backup_module	-	2.2.1.1.1
oracle / e-business_suite_cloud_manager_and_cloud_backup_module	2.2.1.1.1	2.2.1.1.1.x
oracle / financial_services_revenue_management_and_billing_analytics	2.7.0.1	2.7.0.1.x
oracle / communications_offline_mediation_controller	12.0.0.5.0	12.0.0.5.0.x
oracle / communications_offline_mediation_controller	-	12.0.0.4.4
log4j / log4j	-	1.2.17.x

Vulnerability Database

CVE-2022-23307

Deep Security Visibility Without the Complexity