CVE-2022-23307
Published Jan 18, 2022
Last updated 2 years ago
Overview
- Description
- CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.
- Source
- security@apache.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 9
- Impact score
- 10
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:C/I:C/A:C
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:chainsaw:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4A0D9BED-411E-4E62-A281-237D3C90FFEB",
"versionEndExcluding": "2.1.0"
},
{
"criteria": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "56EF3EFE-3632-4CDD-90EF-D2E614E05886",
"versionEndExcluding": "2.0",
"versionStartIncluding": "1.2"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qos:reload4j:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EB681829-2B2A-4BDB-8DC5-B3C7D359F4C5",
"versionEndExcluding": "1.2.18.1"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:advanced_supply_chain_planning:12.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A62E2A25-1AD7-4B4B-9D1B-F0DEA4550557"
},
{
"criteria": "cpe:2.3:a:oracle:advanced_supply_chain_planning:12.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0331158C-BBE0-42DB-8180-EB1FCD290567"
},
{
"criteria": "cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B602F9E8-1580-436C-A26D-6E6F8121A583"
},
{
"criteria": "cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "77C3DD16-1D81-40E1-B312-50FBD275507C"
},
{
"criteria": "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "81DAC8C0-D342-44B5-9432-6B88D389584F"
},
{
"criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E869C417-C0E6-4FC3-B406-45598A1D1906"
},
{
"criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DFEFE2C0-7B98-44F9-B3AD-D6EC607E90DA"
},
{
"criteria": "cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C68536CA-C7E2-4228-A6B8-F0DB6A9D29EC"
},
{
"criteria": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C4A94B36-479F-48F2-9B9E-ACEA2589EF48"
},
{
"criteria": "cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E1214FDF-357A-4BB9-BADE-50FB2BD16D10"
},
{
"criteria": "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B21E6EEF-2AB7-4E96-B092-1F49D11B4175"
},
{
"criteria": "cpe:2.3:a:oracle:communications_offline_mediation_controller:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "61A2E42A-4EF2-437D-A0EC-4A6A4F1EBD11",
"versionEndExcluding": "12.0.0.4.4"
},
{
"criteria": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.5.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5933FEA2-B79E-4EE7-B821-54D676B45734"
},
{
"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A7637F8B-15F1-42E2-BE18-E1FF7C66587D"
},
{
"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E43D793A-7756-4D58-A8ED-72DC4EC9CEA7"
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite_cloud_manager_and_cloud_backup_module:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "86EF205C-9CB1-4772-94D1-0B744EF3342D",
"versionEndExcluding": "2.2.1.1.1"
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite_cloud_manager_and_cloud_backup_module:2.2.1.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6ED0EE39-C080-4E75-AE0F-3859B57EF851"
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783"
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6E8758C8-87D3-450A-878B-86CE8C9FC140"
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "054B56E0-F11B-4939-B7E1-E722C67A041A"
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "250A493C-E052-4978-ABBE-786DC8038448"
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.8.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2E2B771B-230A-4811-94D7-065C2722E428"
},
{
"criteria": "cpe:2.3:a:oracle:healthcare_foundation:8.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E67501BE-206A-49FD-8CBA-22935DF917F1"
},
{
"criteria": "cpe:2.3:a:oracle:hyperion_data_relationship_management:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E8E7FBA9-0FFF-4C86-B151-28C17A142E0B",
"versionEndExcluding": "11.2.8.0"
},
{
"criteria": "cpe:2.3:a:oracle:hyperion_infrastructure_technology:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "55BBCD48-BCC6-4E19-A4CE-970E524B9FF4",
"versionEndExcluding": "11.2.8.0"
},
{
"criteria": "cpe:2.3:a:oracle:identity_management_suite:12.2.1.3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1489DDA7-EDBE-404C-B48D-F0B52B741708"
},
{
"criteria": "cpe:2.3:a:oracle:identity_management_suite:12.2.1.4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "535BC19C-21A1-48E3-8CC0-B276BA5D494E"
},
{
"criteria": "cpe:2.3:a:oracle:identity_manager_connector:11.1.1.5.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9D7EA92D-9F26-4292-991A-891597337DFD"
},
{
"criteria": "cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "228DA523-4D6D-48C5-BDB0-DB1A60F23F8B"
},
{
"criteria": "cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9AB179A8-DFB7-4DCF-8DE3-096F376989F1"
},
{
"criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B0EBAC6D-D0CE-42A1-AEA0-2D50C8035747",
"versionEndIncluding": "8.0.29"
},
{
"criteria": "cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "30501D23-5044-477A-8DC3-7610126AEFD7"
},
{
"criteria": "cpe:2.3:a:oracle:tuxedo:12.2.2.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EB7D0A30-3986-49AB-B7F3-DAE0024504BA"
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66"
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418"
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752"
}
],
"operator": "OR"
}
]
}
]