Vulnerability lake

To find CVE, enter it here

You may use syntax like CVE-2021-25322

CVE-2022-23307

Description

CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.

Severity

CVSS Version 3.x

Base score: 8.8 Exploit score: 2.8 Impact score: 5.9

Base Score (vectoral): CVSS:3.1 - AV:N - AC:L - PR:L - UI:N - S:U - C:H - I:H - A:H

CVSS Version 2.0

Base score: 9 Exploit score: 8 Impact score: 10

Base Score (vectoral): CVSS:2.0 - AV:N - AC:L - Au:S - C:C - I:C - A:C

Weakness Enumeration

CWE-502

Change History

Last Modified: Feb 24, 2023

Known Affected Software Configurations

cpe:2.3:a:apache:chainsaw:*:*:*:*:*:*:*:*

cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*

cpe:2.3:a:oracle:advanced_supply_chain_planning:12.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:advanced_supply_chain_planning:12.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*

cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*

cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:*

cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_offline_mediation_controller:*:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.5.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:e-business_suite_cloud_manager_and_cloud_backup_module:*:*:*:*:*:*:*:*

cpe:2.3:a:oracle:e-business_suite_cloud_manager_and_cloud_backup_module:2.2.1.1.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7.0.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.8.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:healthcare_foundation:8.1.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:hyperion_data_relationship_management:*:*:*:*:*:*:*:*

cpe:2.3:a:oracle:hyperion_infrastructure_technology:*:*:*:*:*:*:*:*

cpe:2.3:a:oracle:identity_management_suite:12.2.1.3.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:identity_management_suite:12.2.1.4.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:identity_manager_connector:11.1.1.5.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.4.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2.5:*:*:*:*:*:*:*

cpe:2.3:a:oracle:tuxedo:12.2.2.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*

cpe:2.3:a:qos:reload4j:*:*:*:*:*:*:*:*

References to Advisories, Solutions, and Tools

[MISC] https://lists.apache.org/thread/rg4yyc89vs3dw6kpy3r92xop9loywyhh

[MISC] https://logging.apache.org/log4j/1.2/index.html

[MISC] https://www.oracle.com/security-alerts/cpuapr2022.html

[N/A] N/A