CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0, Chainsaw was a component of Apache Log4j 1.2.x, where the same issue exists.
References
Link | Resource |
---|---|
https://lists.apache.org/thread/rg4yyc89vs3dw6kpy3r92xop9loywyhh | Mailing List Vendor Advisory |
https://logging.apache.org/log4j/1.2/index.html | Vendor Advisory |
https://www.oracle.com/security-alerts/cpuapr2022.html | Patch Third Party Advisory |
https://www.oracle.com/security-alerts/cpujul2022.html | Patch Third Party Advisory |
Information
Published : 2022-01-18 08:15
Updated : 2023-02-24 07:29
NVD link : CVE-2022-23307
Mitre link : CVE-2022-23307
CWE
CWE-502
Deserialization of Untrusted Data
Products Affected
apache
- chainsaw
- log4j
oracle
- tuxedo
- communications_offline_mediation_controller
- healthcare_foundation
- communications_unified_inventory_management
- weblogic_server
- mysql_enterprise_monitor
- e-business_suite_cloud_manager_and_cloud_backup_module
- hyperion_data_relationship_management
- communications_instant_messaging_server
- enterprise_manager_base_platform
- advanced_supply_chain_planning
- jdeveloper
- retail_extract_transform_and_load
- communications_messaging_server
- business_process_management_suite
- identity_management_suite
- middleware_common_libraries_and_tools
- identity_manager_connector
- communications_network_integrity
- communications_eagle_ftp_table_base_retrieval
- business_intelligence
- financial_services_revenue_management_and_billing_analytics
- hyperion_infrastructure_technology
qos
- reload4j