CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0, Chainsaw was a component of Apache Log4j 1.2.x, where the same issue exists.
References
Link | Resource |
---|---|
https://lists.apache.org/thread/rg4yyc89vs3dw6kpy3r92xop9loywyhh | Mailing List Vendor Advisory |
https://logging.apache.org/log4j/1.2/index.html | Vendor Advisory |
https://www.oracle.com/security-alerts/cpuapr2022.html | Patch Third Party Advisory |
https://www.oracle.com/security-alerts/cpujul2022.html | Patch Third Party Advisory |
History
No history.
Information
Published : 2022-01-18 16:15
Updated : 2024-02-28 18:48
NVD link : CVE-2022-23307
Mitre link : CVE-2022-23307
CVE.ORG link : CVE-2022-23307
Products Affected
oracle
- financial_services_revenue_management_and_billing_analytics
- healthcare_foundation
- e-business_suite_cloud_manager_and_cloud_backup_module
- communications_instant_messaging_server
- advanced_supply_chain_planning
- identity_management_suite
- communications_network_integrity
- enterprise_manager_base_platform
- business_process_management_suite
- communications_messaging_server
- identity_manager_connector
- communications_unified_inventory_management
- jdeveloper
- business_intelligence
- communications_eagle_ftp_table_base_retrieval
- tuxedo
- middleware_common_libraries_and_tools
- hyperion_data_relationship_management
- mysql_enterprise_monitor
- hyperion_infrastructure_technology
- weblogic_server
- communications_offline_mediation_controller
- retail_extract_transform_and_load
qos
- reload4j
apache
- log4j
- chainsaw
CWE
CWE-502
Deserialization of Untrusted Data