CVE-2022-23307

CVSS V2 High 9 CVSS V3 High 8.8
Description
CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.
Overview
  • CVE ID
  • CVE-2022-23307
  • Assigner
  • security@apache.org
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2022-01-18T16:15:08
  • Last Modified Date
  • 2023-02-24T15:29:49
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:apache:chainsaw:*:*:*:*:*:*:*:* 1 OR 2.1.0
cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:* 1 OR 1.2 2.0
cpe:2.3:a:qos:reload4j:*:*:*:*:*:*:*:* 1 OR 1.2.18.1
cpe:2.3:a:oracle:advanced_supply_chain_planning:12.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:advanced_supply_chain_planning:12.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:* 1 OR
cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:* 1 OR
cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:* 1 OR
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:e-business_suite_cloud_manager_and_cloud_backup_module:*:*:*:*:*:*:*:* 1 OR 2.2.1.1.1
cpe:2.3:a:oracle:e-business_suite_cloud_manager_and_cloud_backup_module:2.2.1.1.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7.0.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7.0.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.8.0.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:healthcare_foundation:8.1.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:hyperion_data_relationship_management:*:*:*:*:*:*:*:* 1 OR 11.2.8.0
cpe:2.3:a:oracle:hyperion_infrastructure_technology:*:*:*:*:*:*:*:* 1 OR 11.2.8.0
cpe:2.3:a:oracle:identity_management_suite:12.2.1.3.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:identity_management_suite:12.2.1.4.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:identity_manager_connector:11.1.1.5.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.4.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:* 1 OR 8.0.29
cpe:2.3:a:oracle:tuxedo:12.2.2.0.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:L/Au:S/C:C/I:C/A:C
  • Access Vector
  • NETWORK
  • Access Compatibility
  • LOW
  • Authentication
  • SINGLE
  • Confidentiality Impact
  • COMPLETE
  • Integrity Impact
  • COMPLETE
  • Availability Impact
  • COMPLETE
  • Base Score
  • 9
  • Severity
  • HIGH
  • Exploitability Score
  • 8
  • Impact Score
  • 10
CVSS Version 3
  • Version
  • 3.1
  • Vector String
  • CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Attack Vector
  • NETWORK
  • Attack Compatibility
  • LOW
  • Privileges Required
  • LOW
  • User Interaction
  • NONE
  • Scope
  • UNCHANGED
  • Confidentiality Impact
  • HIGH
  • Availability Impact
  • HIGH
  • Base Score
  • 8.8
  • Base Severity
  • HIGH
  • Exploitability Score
  • 2.8
  • Impact Score
  • 5.9
History
Created Old Value New Value Data Type Notes
2022-04-20 16:58:46 Added to TrackCVE
2022-12-06 06:52:30 2022-01-18T16:15Z 2022-01-18T16:15:08 CVE Published Date updated
2022-12-06 06:52:30 2022-07-25T18:21:13 CVE Modified Date updated
2022-12-06 06:52:30 Modified Vulnerability Status updated
2022-12-06 06:52:35 References updated
2022-12-30 15:12:57 Modified Undergoing Analysis Vulnerability Status updated
2023-02-24 16:13:21 2023-02-24T15:29:49 CVE Modified Date updated
2023-02-24 16:13:21 Undergoing Analysis Analyzed Vulnerability Status updated