CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0, Chainsaw was a component of Apache Log4j 1.2.x, where the same issue exists.
References
Link | Resource |
---|---|
https://lists.apache.org/thread/rg4yyc89vs3dw6kpy3r92xop9loywyhh | Mailing List Vendor Advisory |
https://logging.apache.org/log4j/1.2/index.html | Vendor Advisory |
https://www.oracle.com/security-alerts/cpuapr2022.html | Patch Third Party Advisory |
https://www.oracle.com/security-alerts/cpujul2022.html | Patch Third Party Advisory |
History
24 Feb 2023, 15:29
Type | Values Removed | Values Added |
---|---|---|
References | (N/A) https://www.oracle.com/security-alerts/cpujul2022.html - Patch, Third Party Advisory | |
CPE | cpe:2.3:a:oracle:communications_offline_mediation_controller:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.5.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:* | |
First Time | Oracle communications Instant Messaging Server; Oracle communications Offline Mediation Controller; Oracle retail Extract Transform And Load |
25 Jul 2022, 18:21
Type | Values Removed | Values Added |
---|---|---|
References | |
16 Jun 2022, 21:16
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory | |
First Time | Oracle communications Unified Inventory Management; Oracle communications Eagle Ftp Table Base Retrieval; Oracle tuxedo; Oracle financial Services Revenue Management And Billing Analytics; Oracle business Intelligence; Oracle identity Manager Connector; Oracle communications Messaging Server; Oracle healthcare Foundation; Oracle identity Management Suite; Oracle middleware Common Libraries And Tools; Oracle mysql Enterprise Monitor; Oracle hyperion Infrastructure Technology; Oracle jdeveloper; Oracle enterprise Manager Base Platform; Oracle business Process Management Suite; Oracle advanced Supply Chain Planning; Oracle communications Network Integrity; Oracle e-business Suite Cloud Manager And Cloud Backup Module; Oracle hyperion Data Relationship Management; Oracle; Oracle weblogic Server | |
CPE | cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:identity_management_suite:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hyperion_infrastructure_technology:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:hyperion_data_relationship_management:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:e-business_suite_cloud_manager_and_cloud_backup_module:2.2.1.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:identity_manager_connector:11.1.1.5.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:* cpe:2.3:a:oracle:healthcare_foundation:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:e-business_suite_cloud_manager_and_cloud_backup_module:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:advanced_supply_chain_planning:12.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:* cpe:2.3:a:oracle:advanced_supply_chain_planning:12.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.8.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:tuxedo:12.2.2.0.0:*:*:*:*:*:*:* 
cpe:2.3:a:oracle:identity_management_suite:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:* cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* |
20 Apr 2022, 00:16
Type | Values Removed | Values Added |
---|---|---|
References | |
14 Apr 2022, 16:42
Type | Values Removed | Values Added |
---|---|---|
CVSS | v2 : v3 : | v2 : 9.0 v3 : 8.8 |
08 Apr 2022, 13:31
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:qos:reload4j:*:*:*:*:*:*:*:* | |
First Time | Qos reload4j; Qos |
24 Jan 2022, 18:30
Type | Values Removed | Values Added |
---|---|---|
First Time | Apache chainsaw; Apache; Apache log4j | |
CWE | CWE-502 | |
References | (MISC) https://logging.apache.org/log4j/1.2/index.html - Vendor Advisory | |
References | (MISC) https://lists.apache.org/thread/rg4yyc89vs3dw6kpy3r92xop9loywyhh - Mailing List, Vendor Advisory | |
CVSS | v2 : v3 : | v2 : 10.0 v3 : 9.8 |
CPE | cpe:2.3:a:apache:chainsaw:*:*:*:*:*:*:*:* cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:* |
18 Jan 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-01-18 16:15
Updated : 2023-12-10 14:09
NVD link : CVE-2022-23307
Mitre link : CVE-2022-23307
CVE.ORG link : CVE-2022-23307
Products Affected
qos
- reload4j
oracle
- tuxedo
- healthcare_foundation
- e-business_suite_cloud_manager_and_cloud_backup_module
- communications_instant_messaging_server
- identity_management_suite
- middleware_common_libraries_and_tools
- jdeveloper
- communications_unified_inventory_management
- enterprise_manager_base_platform
- communications_eagle_ftp_table_base_retrieval
- communications_messaging_server
- financial_services_revenue_management_and_billing_analytics
- identity_manager_connector
- communications_offline_mediation_controller
- communications_network_integrity
- hyperion_infrastructure_technology
- business_intelligence
- weblogic_server
- advanced_supply_chain_planning
- business_process_management_suite
- retail_extract_transform_and_load
- hyperion_data_relationship_management
- mysql_enterprise_monitor
apache
- log4j
- chainsaw
CWE
CWE-502
Deserialization of Untrusted Data