CVE-2022-23307

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2022-23307
CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.

8.8 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

9.0 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 8.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
https://lists.apache.org/thread/rg4yyc89vs3dw6kpy3r92xop9loywyhh Mailing List Vendor Advisory
https://logging.apache.org/log4j/1.2/index.html Vendor Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html Patch Third Party Advisory
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apache:chainsaw:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:qos:reload4j:*:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:identity_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:advanced_supply_chain_planning:12.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:advanced_supply_chain_planning:12.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:oracle:healthcare_foundation:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:identity_manager_connector:11.1.1.5.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:identity_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hyperion_data_relationship_management:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.8.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hyperion_infrastructure_technology:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:tuxedo:12.2.2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:e-business_suite_cloud_manager_and_cloud_backup_module:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:e-business_suite_cloud_manager_and_cloud_backup_module:2.2.1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.5.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_offline_mediation_controller:*:*:*:*:*:*:*:*
Information

Published : 2022-01-18 08:15

Updated : 2023-02-24 07:29

NVD link : CVE-2022-23307

Mitre link : CVE-2022-23307

JSON object : View

CWE
CWE-502

Deserialization of Untrusted Data

Advertisement

dedicated server usa
Products Affected

apache

  • chainsaw
  • log4j

oracle

  • tuxedo
  • communications_offline_mediation_controller
  • healthcare_foundation
  • communications_unified_inventory_management
  • weblogic_server
  • mysql_enterprise_monitor
  • e-business_suite_cloud_manager_and_cloud_backup_module
  • hyperion_data_relationship_management
  • communications_instant_messaging_server
  • enterprise_manager_base_platform
  • advanced_supply_chain_planning
  • jdeveloper
  • retail_extract_transform_and_load
  • communications_messaging_server
  • business_process_management_suite
  • identity_management_suite
  • middleware_common_libraries_and_tools
  • identity_manager_connector
  • communications_network_integrity
  • communications_eagle_ftp_table_base_retrieval
  • business_intelligence
  • financial_services_revenue_management_and_billing_analytics
  • hyperion_infrastructure_technology

qos

  • reload4j