CVE-2022-23307

Published Jan 18, 2022
Last updated 2 years ago
CVSS high 8.8
Overview

Description: CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.
Source: security@apache.org
NVD status: Analyzed
Risk scores

CVSS 3.1

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH
CVSS 2.0

Type: Primary
Base score: 9
Impact score: 10
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:C/I:C/A:C
Weaknesses

nvd@nist.gov: CWE-502
security@apache.org: CWE-502
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apache:chainsaw:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4A0D9BED-411E-4E62-A281-237D3C90FFEB",
            "versionEndExcluding": "2.1.0"
          },
          {
            "criteria": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "56EF3EFE-3632-4CDD-90EF-D2E614E05886",
            "versionEndExcluding": "2.0",
            "versionStartIncluding": "1.2"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:qos:reload4j:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EB681829-2B2A-4BDB-8DC5-B3C7D359F4C5",
            "versionEndExcluding": "1.2.18.1"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:advanced_supply_chain_planning:12.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A62E2A25-1AD7-4B4B-9D1B-F0DEA4550557"
          },
          {
            "criteria": "cpe:2.3:a:oracle:advanced_supply_chain_planning:12.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0331158C-BBE0-42DB-8180-EB1FCD290567"
          },
          {
            "criteria": "cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B602F9E8-1580-436C-A26D-6E6F8121A583"
          },
          {
            "criteria": "cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "77C3DD16-1D81-40E1-B312-50FBD275507C"
          },
          {
            "criteria": "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "81DAC8C0-D342-44B5-9432-6B88D389584F"
          },
          {
            "criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E869C417-C0E6-4FC3-B406-45598A1D1906"
          },
          {
            "criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DFEFE2C0-7B98-44F9-B3AD-D6EC607E90DA"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C68536CA-C7E2-4228-A6B8-F0DB6A9D29EC"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C4A94B36-479F-48F2-9B9E-ACEA2589EF48"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E1214FDF-357A-4BB9-BADE-50FB2BD16D10"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B21E6EEF-2AB7-4E96-B092-1F49D11B4175"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_offline_mediation_controller:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "61A2E42A-4EF2-437D-A0EC-4A6A4F1EBD11",
            "versionEndExcluding": "12.0.0.4.4"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5933FEA2-B79E-4EE7-B821-54D676B45734"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A7637F8B-15F1-42E2-BE18-E1FF7C66587D"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E43D793A-7756-4D58-A8ED-72DC4EC9CEA7"
          },
          {
            "criteria": "cpe:2.3:a:oracle:e-business_suite_cloud_manager_and_cloud_backup_module:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "86EF205C-9CB1-4772-94D1-0B744EF3342D",
            "versionEndExcluding": "2.2.1.1.1"
          },
          {
            "criteria": "cpe:2.3:a:oracle:e-business_suite_cloud_manager_and_cloud_backup_module:2.2.1.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6ED0EE39-C080-4E75-AE0F-3859B57EF851"
          },
          {
            "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783"
          },
          {
            "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6E8758C8-87D3-450A-878B-86CE8C9FC140"
          },
          {
            "criteria": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "054B56E0-F11B-4939-B7E1-E722C67A041A"
          },
          {
            "criteria": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "250A493C-E052-4978-ABBE-786DC8038448"
          },
          {
            "criteria": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.8.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2E2B771B-230A-4811-94D7-065C2722E428"
          },
          {
            "criteria": "cpe:2.3:a:oracle:healthcare_foundation:8.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E67501BE-206A-49FD-8CBA-22935DF917F1"
          },
          {
            "criteria": "cpe:2.3:a:oracle:hyperion_data_relationship_management:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E8E7FBA9-0FFF-4C86-B151-28C17A142E0B",
            "versionEndExcluding": "11.2.8.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:hyperion_infrastructure_technology:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "55BBCD48-BCC6-4E19-A4CE-970E524B9FF4",
            "versionEndExcluding": "11.2.8.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:identity_management_suite:12.2.1.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1489DDA7-EDBE-404C-B48D-F0B52B741708"
          },
          {
            "criteria": "cpe:2.3:a:oracle:identity_management_suite:12.2.1.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "535BC19C-21A1-48E3-8CC0-B276BA5D494E"
          },
          {
            "criteria": "cpe:2.3:a:oracle:identity_manager_connector:11.1.1.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9D7EA92D-9F26-4292-991A-891597337DFD"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "228DA523-4D6D-48C5-BDB0-DB1A60F23F8B"
          },
          {
            "criteria": "cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9AB179A8-DFB7-4DCF-8DE3-096F376989F1"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B0EBAC6D-D0CE-42A1-AEA0-2D50C8035747",
            "versionEndIncluding": "8.0.29"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "30501D23-5044-477A-8DC3-7610126AEFD7"
          },
          {
            "criteria": "cpe:2.3:a:oracle:tuxedo:12.2.2.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EB7D0A30-3986-49AB-B7F3-DAE0024504BA"
          },
          {
            "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66"
          },
          {
            "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418"
          },
          {
            "criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References
