CVE-2022-23307

CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0, Chainsaw was a component of Apache Log4j 1.2.x, where the same issue exists.

Severity: HIGH
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
Base Score: CVSS 3.x
EPSS Score: percentile 85%

| Vendor | Product | Version |
|---|---|---|
| apache | chainsaw | 𝑥 < 2.1.0 |
| apache | log4j | 1.2 ≤ 𝑥 < 2.0 |
| qos | reload4j | 𝑥 < 1.2.18.1 |
| oracle | advanced_supply_chain_planning | 12.1 |
| oracle | advanced_supply_chain_planning | 12.2 |
| oracle | business_intelligence | 5.9.0.0.0 |
| oracle | business_intelligence | 12.2.1.3.0 |
| oracle | business_intelligence | 12.2.1.4.0 |
| oracle | business_process_management_suite | 12.2.1.3.0 |
| oracle | business_process_management_suite | 12.2.1.4.0 |
| oracle | communications_eagle_ftp_table_base_retrieval | 4.5 |
| oracle | communications_instant_messaging_server | 10.0.1.5.0 |
| oracle | communications_messaging_server | 8.1 |
| oracle | communications_network_integrity | 7.3.6 |
| oracle | communications_offline_mediation_controller | 𝑥 < 12.0.0.4.4 |
| oracle | communications_offline_mediation_controller | 12.0.0.5.0 |
| oracle | communications_unified_inventory_management | 7.4.1 |
| oracle | communications_unified_inventory_management | 7.4.2 |
| oracle | e-business_suite_cloud_manager_and_cloud_backup_module | 𝑥 < 2.2.1.1.1 |
| oracle | e-business_suite_cloud_manager_and_cloud_backup_module | 2.2.1.1.1 |
| oracle | enterprise_manager_base_platform | 13.4.0.0 |
| oracle | enterprise_manager_base_platform | 13.5.0.0 |
| oracle | financial_services_revenue_management_and_billing_analytics | 2.7.0.0 |
| oracle | financial_services_revenue_management_and_billing_analytics | 2.7.0.1 |
| oracle | financial_services_revenue_management_and_billing_analytics | 2.8.0.0 |
| oracle | healthcare_foundation | 8.1.0 |
| oracle | hyperion_data_relationship_management | 𝑥 < 11.2.8.0 |
| oracle | hyperion_infrastructure_technology | 𝑥 < 11.2.8.0 |
| oracle | identity_management_suite | 12.2.1.3.0 |
| oracle | identity_management_suite | 12.2.1.4.0 |
| oracle | identity_manager_connector | 11.1.1.5.0 |
| oracle | jdeveloper | 12.2.1.3.0 |
| oracle | middleware_common_libraries_and_tools | 12.2.1.4.0 |
| oracle | mysql_enterprise_monitor | 𝑥 ≤ 8.0.29 |
| oracle | retail_extract_transform_and_load | 13.2.5 |
| oracle | tuxedo | 12.2.2.0.0 |
| oracle | weblogic_server | 12.2.1.3.0 |
| oracle | weblogic_server | 12.2.1.4.0 |
| oracle | weblogic_server | 14.1.1.0.0 |

𝑥 = Vulnerable software versions

Debian Releases
Debian Product: apache-log4j1.2

| Codename | Version | Status |
|---|---|---|
| bullseye | 1.2.17-10+deb11u1 | fixed |
| sid | 1.2.17-11 | fixed |
| trixie | 1.2.17-11 | fixed |
| bookworm | 1.2.17-11 | fixed |

Ubuntu Releases
Ubuntu Product: apache-log4j1.2

| Codename | Version | Status |
|---|---|---|
| noble | | needs-triage |
| mantic | | ignored |
| lunar | | ignored |
| kinetic | | not-affected |
| jammy | | not-affected |
| impish | | ignored |
| focal | Fixed 1.2.17-9ubuntu0.2 | released |
| bionic | Fixed 1.2.17-8+deb10u1ubuntu0.2 | released |
| xenial | Fixed 1.2.17-7ubuntu1+esm1 | released |
| trusty | | needs-triage |