CVE-2020-9493: CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x…

high8.8CVSS 3.1

AVNACLPRLUINSUCHIHAH

CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.

Affected

42 ranges· showing 25

Vendor	Product	Version range	Fixed in
apache	chainsaw	< 2.1.0	2.1.0
apache	log4j	>= 1.2 < 2.0	2.0
apache_software_foundation	apache_log4j_1.x	>= 1.2.1 < unspecified	unspecified
apache_software_foundation	apache_log4j_1.x	unspecified – 2.0-alpha1	—
debian	apache-log4j1.2	< apache-log4j1.2 1.2.17-11 (bookworm)	apache-log4j1.2 1.2.17-11 (bookworm)
oracle	advanced_supply_chain_planning	—	—
oracle	advanced_supply_chain_planning	—	—
oracle	business_intelligence	—	—
oracle	business_intelligence	—	—
oracle	business_intelligence	—	—
oracle	business_process_management_suite	—	—
oracle	business_process_management_suite	—	—
oracle	communications_eagle_ftp_table_base_retrieval	—	—
oracle	communications_instant_messaging_server	—	—
oracle	communications_messaging_server	—	—
oracle	communications_network_integrity	—	—
oracle	communications_offline_mediation_controller	< 12.0.0.4.4	12.0.0.4.4
oracle	communications_offline_mediation_controller	—	—
oracle	communications_unified_inventory_management	—	—
oracle	communications_unified_inventory_management	—	—
oracle	e-business_suite_cloud_manager_and_cloud_backup_module	< 2.2.1.1.1	2.2.1.1.1
oracle	e-business_suite_cloud_manager_and_cloud_backup_module	—	—
oracle	enterprise_manager_base_platform	—	—
oracle	enterprise_manager_base_platform	—	—
oracle	financial_services_revenue_management_and_billing_analytics	—	—

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

ghsa9.8CRITICAL

osv9.8CRITICAL