CVE-2022-23307: CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x…

high8.8CVSS 3.1

AVNACLPRLUINSUCHIHAH

CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.

Affected

41 ranges· showing 25

Vendor	Product	Version range	Fixed in
apache	chainsaw	< 2.1.0	2.1.0
apache	log4j	>= 1.2 < 2.0	2.0
debian	apache-log4j1.2	< apache-log4j1.2 1.2.17-11 (bookworm)	apache-log4j1.2 1.2.17-11 (bookworm)
linux	linux_kernel	>= 0 < 5.15.0-116.126	5.15.0-116.126
oracle	advanced_supply_chain_planning	—	—
oracle	advanced_supply_chain_planning	—	—
oracle	business_intelligence	—	—
oracle	business_intelligence	—	—
oracle	business_intelligence	—	—
oracle	business_process_management_suite	—	—
oracle	business_process_management_suite	—	—
oracle	communications_eagle_ftp_table_base_retrieval	—	—
oracle	communications_instant_messaging_server	—	—
oracle	communications_messaging_server	—	—
oracle	communications_network_integrity	—	—
oracle	communications_offline_mediation_controller	< 12.0.0.4.4	12.0.0.4.4
oracle	communications_offline_mediation_controller	—	—
oracle	communications_unified_inventory_management	—	—
oracle	communications_unified_inventory_management	—	—
oracle	e-business_suite_cloud_manager_and_cloud_backup_module	< 2.2.1.1.1	2.2.1.1.1
oracle	e-business_suite_cloud_manager_and_cloud_backup_module	—	—
oracle	enterprise_manager_base_platform	—	—
oracle	enterprise_manager_base_platform	—	—
oracle	financial_services_revenue_management_and_billing_analytics	—	—
oracle	financial_services_revenue_management_and_billing_analytics	—	—

CVSS provenance

nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

ghsa9.8CRITICAL

osv9.8CRITICAL